Gen:Variant.Strictor.114492 (B) (Emsisoft), Gen:Variant.Strictor.114492 (AdAware), Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)Behaviour: Trojan
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 730b3196366aeda9356dc19f9a3c608d
SHA1: c08ec8f7dbfa0767747c9874d27f94d74801cb67
SHA256: 844def308a2060bccf858e3c3aa5f0c5fea2ba29bdca94131cdef9be751344d8
SSDeep: 49152:ptib6XRnWPi7oO8xgvf4eLFmWssJUFucRdOaH/XYR:ptiiWiN8ysrsJxkwaHAR
Size: 2165691 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2011-09-26 16:21:33
Analyzed on: Windows7 SP1 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
Baidu.exe:2596
Baidu.exe:1640
Baidu.exe:2876
Baidu.exe:2592
Baidu.exe:1772
Baidu.exe:2548
Baidu.exe:3604
Baidu.exe:3820
Baidu.exe:1916
brp.exe:2276
Baidu_Setup_3.1.200.2978_ftn_1050123723.exe:2544
BaiduUpdate.exe:940
The Trojan injects its code into the following process(es):
%original file name%.exe:1904
Baidu.exe:2160
BaiduRenderClient.exe:2828
BaiduRenderClient.exe:3112
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process %original file name%.exe:1904 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\Baidu_Setup_3.1.200.2978_ftn_1050123723[1].exe (2206750 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshA2C4.tmp (75405 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\2.ico (5520 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Baidu_Setup_3.1.200.2978_ftn_1050123723.exe (1974641 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshA2C5.tmp\System.dll (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\FEP54WXI.txt (111 bytes)
The Trojan deletes the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshA2C5.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssA2B4.tmp (0 bytes)
The process Baidu.exe:2596 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\CommonWorker.dll (61 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\bdlog.dll (40 bytes)
The process Baidu.exe:2876 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Hermes.dll (159 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Heartbeat.dll (221 bytes)
The process Baidu.exe:2592 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\百度\百度.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\百度.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\百度\å¸载百度.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\Desktop\百度.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\百度.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\uninst.exe (221 bytes)
The process Baidu.exe:2548 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BaiduReport.dll (376 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Utils.dll (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Report.dll (118 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\msvcr100.dll (774 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\msvcp100.dll (421 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Base.dll (806 bytes)
The process Baidu.exe:3820 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\complete.txt (248 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\icudtl.dat (780 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\chrome_100_percent.pak (963 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\locales\en-US.pak (214 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin_pack\4f03c9f6263fa20679b486a9424243c8.7z.bdl (192392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin_pack\InstallingPlugins.xml (243 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\PepperFlash\pepflashplayer.dll (2721 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\resources.pak (2721 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\LocalPluginInfo.xml (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\libexif.dll (309 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin_pack\UninstalledPlugins.xml (261 bytes)
C:\ProgramData\Baidu\Desktop\Global.db (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\chrome_200_percent.pak (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\libGLESv2.dll (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\d3dcompiler_47.dll (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\complete_check_list.pb (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\chromecore.dll (7427 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\PepperFlash\manifest.json (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\locales\zh-CN.pak (213 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\libEGL.dll (80 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\manifest.json (749 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin_pack\PackCache.xml (239 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\completelist.txt (263 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\PluginSetup.xml (762 bytes)
The Trojan deletes the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin_pack\InstallingPlugins.xml (0 bytes)
The process Baidu.exe:2160 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\chrome_100_percent.pak (7345 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_ipc.dll (77 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_render_message.dll (409 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\searchbar_in_tips\searchbar_in_tips.pb (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\icudtl.dat (76782 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_render_common.dll (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\settings\custom_setting.db (2334 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\complete.txt (248 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_common.dll (663 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\pb\103.pb (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\resources.pak (131213 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\Upd.dat (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\UIFrame.dll (131 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\libEGL.dll (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\CloudJSInject\CloudJSInject.xml (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\lapuda\appstorage_user.db-journal (512 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\lapuda\appstorage_user.db (337 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Protocol.dll (372 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\libGLESv2.dll (10177 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\config\searchbar_in_tips.dat (50 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDDocker.exe (45 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\chromecore.dll (392052 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\resourceSug.pb (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\MainUIHandler.dll (49 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\completelist.txt (263 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LogicModel.dll (291 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\manifest.json (749 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\chrome_200_percent.pak (8281 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\d3dcompiler_47.dll (23811 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BrowserUIHandler.dll (49 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\PepperFlash\pepflashplayer.dll (132143 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BrowserUI.dll (806 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\histroy\history.db (145 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\libexif.dll (1425 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\complete_check_list.pb (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BrowserCore.dll (360 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDMSkin.dll (49 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\lapuda\appstorage_nonuser.db-journal (512 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\PepperFlash\manifest.json (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\ZerbaReport.pb (29 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\force_sug\taskbar_force_sug_backup.pb (21 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Peseus.dll (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_render_proxy.dll (299 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\PluginSetup.xml (762 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\locales\en-US.pak (1281 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\pb\100.pb (920 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\lapuda\appstorage_nonuser.db (337 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\account\user_cert_id.cert.bk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\cloud_games.pb (36 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\UICommonHandler.dll (159 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\locales\zh-CN.pak (1281 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\UICommon.dll (151 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\MainUI.dll (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\force_sug\medusa_navigateinfo.pb (562 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\histroy\history.db-journal (512 bytes)
The Trojan deletes the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\lapuda\appstorage_user.db-journal (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\lapuda\appstorage_user.db (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\lapuda\appstorage_nonuser.db (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\histroy\history.db-journal (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\lapuda\appstorage_nonuser.db-journal (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\AppPluginState_Install.xml (0 bytes)
The process BaiduRenderClient.exe:2828 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_browser_chrome.dll (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Extension State\000003.log (221 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\5A9D.tmp (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Extension State\LOG (153 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Cache\data_1 (17840 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Cache\data_0 (49052 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Cache\data_3 (7832 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Cache\data_2 (968 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Extension State\000001.dbtmp (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Cache\index (368 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Extension State\MANIFEST-000001 (75 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_protocol.dll (49 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_render_stub.dll (589 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_browser_trident.dll (692 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Cache\f_000001 (36 bytes)
The process Baidu_Setup_3.1.200.2978_ftn_1050123723.exe:2544 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\history\history.html (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_render_message.dll (13584 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\youxijiasuqi\2.0.800.1325\skinres.rdb (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\weixin\1.0.0.8\completelist.txt (30 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\CommonWorker.dll (3712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\general.png (379 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\button-search-input.png (332 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Baidu.exe (48588 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_common.dll (22552 bytes)
C:\ProgramData\Baidu\Common\Global.db (100 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\weixin\1.0.0.8\complete_check_list.pb (192 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\font\open-sans\OpenSans-Light-webfont.woff (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\CommonRes_win10.rdb (3104 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDDocker.exe (3104 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\request.js (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-checkbox-unchecked.png (361 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\DD_belatedPNG_0.0.8a-min.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\error-pages\res\js\api.js (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\bookmarks.css (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\BaiduRenderClient.exe (2392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\game\1.0.0.3\skinres.rdb (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\icon-tree-search-ie8.png (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\history_mods.js (6360 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\LocalPluginInfo.xml (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-box-shadow-bottom-center.png (179 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\fe\fe.html (498 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\msvcp120.dll (15536 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\UsualNames.pb (421 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\ie-fix.css (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\Base.dll (28310 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\box-shadow.css (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\arrow-png8.png (260 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\msvcr100.dll (26598 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\icon-clear-new.png (451 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BrowserUIHandler.dll (70002 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\search-button.png (299 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\youxijiasuqi\2.0.800.1325\completelist.txt (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\img\1px.png (947 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Tips_win10.rdb (1568 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\fe\js_cmd(start_request).html (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-radio-tooltip-png8.png (329 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-box-shadow-center-right.png (162 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\bdlog.dll (3104 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\error-pages\webkit-404.html (9 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\test\res\test.js (197 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_render_proxy.dll (11048 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\map.js (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Utils.dll (66526 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\mb_setup.log (44236 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LogicModel.dll (221518 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Base.dll (55008 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\BDSearchBar_win7.rdb (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\core.css (662 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\MsgPush.rdb (14384 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\button-refresh.png (562 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDDockerX64.exe (12720 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\ImportBookmark.rdb (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\BaiduReport.dll (12912 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\pack_z.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\folder-arrow-hover-png8.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\Utils.dll (33264 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\fe\js_cmd.html (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-box-shadow-top-center.png (158 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\MsgPush.dll (32848 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\Software.pb (9984 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BaiduBugRpt.exe (33888 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\atl100.dll (10128 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\screensnapshot.exe (29256 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\bdminiopenssl.dll (30336 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\history.css (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\icon-clear-general-png8.png (841 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\global.js (6360 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\font\open-sans\OpenSans-Light-webfont.eot (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Heartbeat.dll (16368 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\BrowserFrame_win10.rdb (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-button-search.png (382 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-box-shadow-top-right.png (260 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\game\1.0.0.3\JoystickService.dll (6360 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\history\res\css\img\200x\item-arrow.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\browsershowcut.ico (24048 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\MainUIHandler.dll (67494 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\error-pages\crash.html (9 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-radio-unchecked.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\utils\ua.html (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\png8-dialog-close.png (386 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\BrowserFrame_win7.rdb (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\BDSearchBar_win10.rdb (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Tips_win7.rdb (1568 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\UIFrame.dll (9984 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-radio-checked.png (1 bytes)
C:\Windows\System32\drivers\bbnetdriver.sys (230 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Update_win10.rdb (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BrowserCore.dll (24176 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\connection-error.html (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDMSkin.dll (120372 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\dialog-button-png8.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BaiduAssistant.exe (27168 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\test\res\test.css (646 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\crash.html (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\BDSearchBar.rdb (14384 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\msgconfig.pb (142 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\game\1.0.0.3\complete_check_list.pb (300 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Protocol.dll (25072 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BaiduReport.dll (25072 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\game\1.0.0.3\completelist.txt (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\DeskGuide.exe (26736 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BaiduUpdate.exe (35696 bytes)
C:\Windows\System32\bbnetservice.dll (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDDockerX64.dll (13168 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\error-pages\connection-fail.html (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\CommonRes_win7.rdb (3104 bytes)
C:\Windows\System32\bbugreport.exe (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\AppPluginState_Install.xml (201 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\game\1.0.0.3\PluginSetup.xml (502 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\test\icon\test.png (1856 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\font\open-sans\OpenSans-Light-webfont.ttf (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-box-shadow-bottom-left.png (301 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Setting_win10.rdb (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\error-pages.css (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\appBlackList.dat (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_browser_chrome.dll (6584 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\error-pages\app-error.html (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\DetectVm.dll (4784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\bp\brp.exe (7345 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\favicon.ico (5 bytes)
C:\Windows\System32\bbnethlp64.dll (169 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\test\test.html (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\MsgPush_win10.rdb (1568 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-button-new.png (977 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\brp.exe (61936 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_protocol.dll (37368 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_render_stub.dll (19592 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\res\css\img\150x\icon-crash.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-box-shadow-bottom-right.png (299 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\img\logo_blank.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\mod.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\skinres.rdb (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\auto_complete\top_site.db (10128 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-box-shadow-top-left.png (245 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\res\css\img\125x\icon-crash.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Report.dll (9984 bytes)
C:\ProgramData\Baidu\XCommon\verify.db (100 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\img\default-icon.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\font\open-sans\OpenSans-Light-webfont.svg (4992 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsnC6D8.tmp (848881 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\completelist.txt (64 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\icon-clear-new-8.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\CommonRes.rdb (28368 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Setting.rdb (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Update.rdb (4784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\bookmark\bookmark.db (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BIDULocationService.dll (40832 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\GlobalPluginInfo.xml (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Tips.rdb (1568 bytes)
C:\Windows\System32\bbnethlp.dll (203 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\popwindow.rdb (3104 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\youxijiasuqi\2.0.800.1325\PluginSetup.xml (523 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\config\136.dat (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\msvcp100.dll (28368 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\button-baidu-search.png (379 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BaiduService.exe (18640 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\minibaiduscheme.pb (1512 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\msvcr120.dll (32128 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDZebraSDK.dll (362791 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\ssl-error.html (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\youxijiasuqi\2.0.800.1325\complete_check_list.pb (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\MsgCenter_96.rdb (30 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\msvcp100.dll (14605 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Peseus.dll (1568 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\folder-arrow-png8.png (292 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\error-pages\connection-error.html (9 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\bookmarks_z.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\json2.js (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-checkbox-checked.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-box-shadow-center-left.png (161 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\history_z.png (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\PluginSetup.xml (637 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Download.rdb (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\System.dll (804 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\UICommonHandler.dll (11040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\jssdk-v2.js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Hermes.dll (11040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\history\res\css\img\200x\history_icon.png (743 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\BrowserFrame.rdb (3712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\history\res\img\loading.gif (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_ipc.dll (2392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\weixin\1.0.0.8\skinres.rdb (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_render_common.dll (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\history\res\css\img\125x\history_icon.png (466 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\InstallHelper.dll (9573 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\error.html (734 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\res\css\img\200x\icon-crash.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\png8-dialog.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-button.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Update_win7.rdb (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\BDMSkin.dll (60235 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\folder.png (276 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\xml.rdb (20272 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_browser_trident.dll (23424 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\history\favicon.ico (9 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Download.dll (4784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\reset.css (826 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\msvcr100.dll (51648 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\complete_check_list.pb (392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_render_stub_child.dll (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\history\res\css\img\150x\history_icon.png (566 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\MsgPush_win7.rdb (1568 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\history\popup.html (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\pack.css (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDDocker.dll (11040 bytes)
C:\Windows\System32\plugins\config.xml (59 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\dl.dll (65648 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\PluginMgr.dll (35696 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BrowserUI.dll (55008 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\SuggestionWnd.rdb (1568 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\uninst.exe (16368 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\ExternalMgr.dll (13168 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\icon-clear-general.png (866 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\error-pages\ssl-error.html (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\Report.dll (5110 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\error-pages\res\js\common.js (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\head-star-png8.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\connection-fail.html (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\res\InstallWnd.zip (6584 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_base.dll (10136 bytes)
C:\Users\Public\Documents\bbnetservice\bbconfig.dat (164 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\holderpage\holderpage.html (133 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-button-search-large.png (408 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\default.ico (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\404.html (1856 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\bookmarks.html (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\UICommon.dll (11040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Setting_win7.rdb (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\bookmarks_mods.js (1856 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\Protocol.dll (12908 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\icon-connect.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-textbox.png (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\complete-png8.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\MainUI.dll (66526 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Update.dll (11040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\game.ico (24048 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\respond.min.js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\jietuDll.dll (2392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\history\res\css\img\150x\item-arrow.png (794 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\icon-404.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\res\js\common.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_browser_trident_plugin.dll (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\weixin\1.0.0.8\PluginSetup.xml (638 bytes)
The Trojan deletes the following file(s):
C:\Users\"%CurrentUserName%"\s2fg (0 bytes)
C:\Users\"%CurrentUserName%"\s2fg.2 (0 bytes)
C:\s2fg.1 (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC6B8.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\s2fg.1 (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\s2fg (0 bytes)
C:\Users\s2fg (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\s2fg (0 bytes)
C:\Users\s2fg.1 (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\s2fg.1 (0 bytes)
C:\s2fg.2 (0 bytes)
C:\Users\s2fg.2 (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\s2fg.2 (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\s2fg.1 (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\s2fg.2 (0 bytes)
C:\s2fg (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp (0 bytes)
The process BaiduUpdate.exe:940 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\InstallerUpdate\Baidu_Setup_3.2.200.3069_Full.exe.bdl (516232 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\BDDownload\3518413350\Setting\host.dat (260 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\Upd.dat (23 bytes)
Registry activity
The process %original file name%.exe:1904 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Tracing\730b3196366aeda9356dc19f9a3c608d_RASMANCS]
"FileDirectory" = "%windir%\tracing"
"ConsoleTracingMask" = "4294901760"
[HKLM\SOFTWARE\Microsoft\Tracing\730b3196366aeda9356dc19f9a3c608d_RASAPI32]
"ConsoleTracingMask" = "4294901760"
[HKLM\SOFTWARE\Microsoft\Tracing\730b3196366aeda9356dc19f9a3c608d_RASMANCS]
"EnableFileTracing" = "0"
"FileTracingMask" = "4294901760"
"MaxFileSize" = "1048576"
[HKLM\SOFTWARE\Microsoft\Tracing\730b3196366aeda9356dc19f9a3c608d_RASAPI32]
"EnableConsoleTracing" = "0"
"FileTracingMask" = "4294901760"
"MaxFileSize" = "1048576"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKLM\SOFTWARE\Microsoft\Tracing\730b3196366aeda9356dc19f9a3c608d_RASAPI32]
"FileDirectory" = "%windir%\tracing"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3C 00 00 00 09 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Tracing\730b3196366aeda9356dc19f9a3c608d_RASMANCS]
"EnableConsoleTracing" = "0"
[HKLM\SOFTWARE\Microsoft\Tracing\730b3196366aeda9356dc19f9a3c608d_RASAPI32]
"EnableFileTracing" = "0"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"
The process Baidu.exe:2592 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband]
"Favorites" = "00 7C 01 00 00 14 00 1F 80 C8 27 34 1F 10 5C 10"
[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@C:\Windows\system32]
"msinfo32.exe,-100" = "System Information"
"AccessibilityCpl.dll,-10" = "Ease of Access Center"
"gameux.dll,-10082" = "Games Explorer"
"gameux.dll,-10061" = "Spider Solitaire"
"pmcsnap.dll,-700" = "Print Management"
"wdc.dll,-10021" = "Performance Monitor"
"mblctr.exe,-1008" = "Windows Mobility Center"
[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E]
"LanguageList" = "en-US, en"
[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@C:\Windows\system32]
"mycomput.dll,-300" = "Computer Management"
"SyncCenter.dll,-3000" = "Sync Center"
"miguiresource.dll,-101" = "Event Viewer"
[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@C:\Windows\system32\WindowsPowerShell\v1.0]
"powershell.exe,-101" = "Windows PowerShell ISE"
[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@C:\Windows\system32]
"gameux.dll,-10060" = "Solitaire"
"ie4uinit.exe,-737" = "Internet Explorer (No Add-ons)"
"odbcint.dll,-1310" = "Data Sources (ODBC)"
"gameux.dll,-10103" = "Internet Spades"
"MdSched.exe,-4001" = "Windows Memory Diagnostic"
"gameux.dll,-10059" = "Mahjong Titans"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband]
"FavoritesVersion" = "2"
[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@C:\Windows\system32]
"wucltux.dll,-1" = "Windows Update"
"dfrgui.exe,-103" = "Disk Defragmenter"
"filemgmt.dll,-2204" = "Services"
"gameux.dll,-10102" = "Internet Backgammon"
[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@C:\Windows\system32\migwiz]
"wet.dll,-588" = "Windows Easy Transfer"
[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@C:\Windows\system32]
"NetProjW.dll,-501" = "Connect to a Network Projector"
"rstrui.exe,-100" = "System Restore"
"SoundRecorder.exe,-100" = "Sound Recorder"
"gameux.dll,-10055" = "FreeCell"
"gameux.dll,-10209" = "More Games from Microsoft"
"wsecedit.dll,-718" = "Local Security Policy"
"gameux.dll,-10056" = "Hearts"
"gameux.dll,-10057" = "Minesweeper"
"gameux.dll,-10054" = "Chess Titans"
"comres.dll,-3410" = "Component Services"
"msra.exe,-100" = "Windows Remote Assistance"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband]
"FavoritesChanges" = "9"
[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@C:\Windows\system32]
"wdc.dll,-10030" = "Resource Monitor"
[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@%Program Files%\Common Files\Microsoft Shared\Ink]
"ShapeCollector.exe,-298" = "Personalize Handwriting Recognition"
[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@%Program Files%\Windows Journal]
"Journal.exe,-3074" = "Windows Journal"
[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@C:\Windows\system32]
"FXSRESM.dll,-114" = "Windows Fax and Scan"
[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@%Program Files%\DVD Maker]
"DVDMaker.exe,-61403" = "Windows DVD Maker"
[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@C:\Windows\system32\Speech\SpeechUX]
"sapi.cpl,-5555" = "Windows Speech Recognition"
[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@C:\Windows\system32]
"displayswitch.exe,-320" = "Connect to a Projector"
"iscsicpl.dll,-5001" = "iSCSI Initiator"
"sdcpl.dll,-101" = "Backup and Restore"
"msconfig.exe,-126" = "System Configuration"
"recdisc.exe,-2000" = "Create a System Repair Disc"
[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@%Program Files%\Common Files\Microsoft Shared\Ink]
"mip.exe,-291" = "Math Input Panel"
[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@%Program Files%\Windows Sidebar]
"sidebar.exe,-1005" = "Desktop Gadget Gallery"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband]
"FavoritesResolve" = "CC 02 00 00 4C 00 00 00 01 14 02 00 00 00 00 00"
[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@C:\Windows\system32]
"gameux.dll,-10058" = "Purble Place"
"AuthFWGP.dll,-20" = "Windows Firewall with Advanced Security"
"XpsRchVw.exe,-102" = "XPS Viewer"
"miguiresource.dll,-201" = "Task Scheduler"
[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@C:\Windows\system32\migwiz]
"wet.dll,-591" = "Windows Easy Transfer Reports"
[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@C:\Windows\system32]
"gameux.dll,-10101" = "Internet Checkers"
[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@%Program Files%\Common Files\Microsoft Shared\Ink]
"TipTsf.dll,-80" = "Tablet PC Input Panel"
The process Baidu.exe:3604 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Baidu.exe]
"(Default)" = "C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Baidu.exe"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Baidu.exe\Capabilities]
"ApplicationIcon" = "C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Baidu.exe,0"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Baidu.exe\Capabilities\FileAssociations]
".xhtml" = "BaiduClientBrowserHTML"
[HKLM\SOFTWARE\Clients\StartMenuInternet]
"(Default)" = "Baidu.exe"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Baidu.exe]
"(Default)" = "Baidu.exe"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Baidu.exe\Capabilities]
"ApplicationName" = "æ¡Œé¢百度æµÂÂ览器"
[HKCR\BaiduClientBrowserHTML]
"AppUserModelID" = "BaiduClient.Default"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Baidu.exe]
"LocalizedString" = "æ¡Œé¢百度æµÂÂ览器"
[HKCU\Software\Classes\BaiduClientBrowserHTML]
"AppUserModelID" = "BaiduClient.Default"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Baidu.exe\Capabilities\FileAssociations]
".shtm" = "BaiduClientBrowserHTML"
[HKLM\SOFTWARE\RegisteredApplications]
"baidu.exe" = "Software\Clients\StartMenuInternet\baidubrowser.exe\Capabilities"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Baidu.exe\Capabilities\FileAssociations]
".xht" = "BaiduClientBrowserHTML"
[HKCU\Software\Classes\BaiduClientBrowserHTML]
"URL Protocol" = ""
[HKLM\SOFTWARE\Clients\StartMenuInternet\Baidu.exe\DefaultIcon]
"(Default)" = "C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Baidu.exe,0"
[HKCR\BaiduClient.Default\.exe\shell\run\command]
"(Default)" = "C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Baidu.exe %*"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Baidu.exe\Capabilities\FileAssociations]
".html" = "BaiduClientBrowserHTML"
[HKCR\BaiduClient.Default\.exe\shell\open\command]
"(Default)" = "C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Baidu.exe %*"
[HKCR\BaiduClientBrowserHTML\shell\open\command]
"(Default)" = "C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Baidu.exe -- %1 --main-frame 3"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Baidu.exe\Capabilities\Startmenu]
"StartMenuInternet" = "Baidu.exe"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Baidu.exe\Capabilities\FileAssociations]
".shtml" = "BaiduClientBrowserHTML"
".mhtml" = "BaiduClientBrowserHTML"
".mht" = "BaiduClientBrowserHTML"
[HKCR\BaiduClientBrowserHTML]
"URL Protocol" = ""
[HKLM\SOFTWARE\Clients\StartMenuInternet\Baidu.exe\Capabilities]
"ApplicationDescription" = "æ¡Œé¢百度是一款æžÂÂ速æµÂÂ览器,打开网页快ã€ÂÂ下载文件快,并æžÂÂ富设计感。"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Baidu.exe\Capabilities\URLAssociations]
"ftp" = "BaiduClientBrowserHTML"
[HKCU\Software\Classes\BaiduClientBrowserHTML\DefaultIcon]
"(Default)" = "C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\FileAssoc.ico"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Baidu.exe\Capabilities\FileAssociations]
".XML" = "BaiduClientBrowserHTML"
[HKCR\BaiduClientBrowserHTML\DefaultIcon]
"(Default)" = "C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\FileAssoc.ico"
[HKCU\Software\Classes\BaiduClientBrowserHTML\shell\open\command]
"(Default)" = "C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Baidu.exe -- %1 --main-frame 3"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Baidu.exe\Capabilities\FileAssociations]
".htm" = "BaiduClientBrowserHTML"
".mhtm" = "BaiduClientBrowserHTML"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Baidu.exe\Capabilities\URLAssociations]
"https" = "BaiduClientBrowserHTML"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Baidu.exe]
"Path" = "C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\"
[HKCR\BaiduClientBrowserHTML]
"(Default)" = "BaiduClient HTML Document"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Baidu.exe\shell\open\command]
"(Default)" = "C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Baidu.exe --main-frame 1"
[HKLM\SOFTWARE\Clients\StartMenuInternet\Baidu.exe\Capabilities\URLAssociations]
"http" = "BaiduClientBrowserHTML"
[HKCU\Software\Classes\BaiduClientBrowserHTML]
"(Default)" = "BaiduClient HTML Document"
The process Baidu.exe:3820 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCR\metnsd\clsid]
"SequenceID" = "44 62 2D FE 9C 7A B1 46 AE 62 76 FA 7F 22 D3 4B"
The process Baidu.exe:2160 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Tracing\Baidu_RASMANCS]
"FileTracingMask" = "4294901760"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKLM\SOFTWARE\Microsoft\Tracing\Baidu_RASMANCS]
"MaxFileSize" = "1048576"
[HKLM\SOFTWARE\Microsoft\Tracing\Baidu_RASAPI32]
"MaxFileSize" = "1048576"
[HKLM\SOFTWARE\Microsoft\Tracing\Baidu_RASMANCS]
"EnableFileTracing" = "0"
[HKLM\SOFTWARE\Microsoft\Tracing\Baidu_RASAPI32]
"FileDirectory" = "%windir%\tracing"
[HKLM\SOFTWARE\Microsoft\Tracing\Baidu_RASMANCS]
"ConsoleTracingMask" = "4294901760"
[HKLM\SOFTWARE\Microsoft\Tracing\Baidu_RASAPI32]
"ConsoleTracingMask" = "4294901760"
[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@""%systemroot%\system32\windowspowershell\v1.0]
"powershell.exe"",-111" = "Performs object-based (command-line) functions"
[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E]
"LanguageList" = "en-US, en"
[HKLM\SOFTWARE\Microsoft\Tracing\Baidu_RASAPI32]
"EnableConsoleTracing" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3D 00 00 00 09 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Tracing\Baidu_RASMANCS]
"FileDirectory" = "%windir%\tracing"
[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@""%windir%\System32]
"ie4uinit.exe"",-738" = "Start Internet Explorer without ActiveX controls or browser extensions."
[HKLM\SOFTWARE\Microsoft\Tracing\Baidu_RASAPI32]
"EnableFileTracing" = "0"
[HKLM\SOFTWARE\Microsoft\Tracing\Baidu_RASMANCS]
"EnableConsoleTracing" = "0"
[HKLM\SOFTWARE\Microsoft\Tracing\Baidu_RASAPI32]
"FileTracingMask" = "4294901760"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
The process brp.exe:2276 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Baidu\BaiduBrowser]
"InstallDate" = "20170204014750539"
The process BaiduRenderClient.exe:2828 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E]
"LanguageList" = "en-US, en"
The process Baidu_Setup_3.1.200.2978_ftn_1050123723.exe:2544 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPoicy\{73F970DA-48AC-43F1-9848-FB90504CE3E9}]
"Policy" = "3"
[HKLM\SOFTWARE\Baidu\Baidu]
"TNBin" = "F7 8A 80 8C AA 68 4B B6 CE DA E8 87 AE C0 C7 9E"
"TN" = "SE_Baiduclient_9vpgkwv8"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"bbnetservice" = "bbnetservice"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPoicy\{73F970DA-48AC-43F1-9848-FB90504CE3E9}]
"AppPath" = "C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度]
"UninstallString" = "C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\uninst.exe"
[HKLM\System\CurrentControlSet\services\bbnetservice\Parameters]
"ServiceDll" = "C:\Windows\system32\bbnetservice.dll"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartButtonDock\1]
"ButtonClassName" = "Baidu_Desk_Client_SearchBar_Widget_Docked"
[HKLM\SOFTWARE\Baidu\Baidu]
"CustomID" = "40"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度]
"DisplayName" = "百度"
[HKLM\SOFTWARE\Baidu\Baidu]
"SupplyID" = "1050123723"
[HKCU\Software\Baidu\Baidu\ConStatus]
"AutoRun" = "1"
[HKLM\SOFTWARE\Baidu\Baidu]
"BrowserSelected" = "0"
"INSTLANG" = "2052"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度]
"Publisher" = "百度在线网络技术(åŒâ€â€ÃƒÂ¤Ã‚ºÂ¬Ã¯Â¼â€°Ã¦Å“䎪ÂÂå…¬å¸"
[HKLM\SOFTWARE\Baidu\Baidu]
"InstallDir" = "C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient"
"Version" = "3.1.200.2978"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPoicy\{73F970DA-48AC-43F1-9848-FB90504CE3E9}]
"AppName" = "Baidu.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度]
"DisplayVersion" = "3.1.200.2978"
[HKLM\SOFTWARE\Baidu\Baidu]
"InstallDate" = "20170204014743215"
"channel" = "--main-frame 0 --search-bar 2 --tray 1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度]
"DisplayIcon" = "C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Baidu.exe,0"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"BaiduClient" = "C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Baidu.exe --auto-run"
Dropped PE files
| MD5 | File path |
|---|---|
| ffaf44731dd8b5315ed5a19f3cb5660f | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDDocker.dll |
| 3bb5644481df013cac28d955ffc3accc | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDDocker.exe |
| 90047f36bdb91e2098f00b13999bbe82 | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDDockerX64.dll |
| f6831ffe1b0f1fe5547c851a0cb30c21 | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDDockerX64.exe |
| 3df3896b3efb9f3458012b9dc3d1350e | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDMSkin.dll |
| abde77548b3fcd52a8900c484ab3714c | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDZebraSDK.dll |
| b89190c3bdf20d4b471b9acaaddb8d1b | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BIDULocationService.dll |
| 203c718698db22a7b7b43cb3d08964cc | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Baidu.exe |
| 3e718e354507b3625008218bfc810c2b | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BaiduAssistant.exe |
| 71982c70e6bcde303f55edd8de2e55de | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BaiduBugRpt.exe |
| addde3cfec6bc6f2d7031766c4562c5e | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BaiduReport.dll |
| 15ef6b1ed8ff51fa8c59246fd53a4010 | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BaiduService.exe |
| 6dcd40d39d2c55d7fc637a11f2c56d2f | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BaiduUpdate.exe |
| 4c00ae6b616feb3230ac58ed38118108 | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Base.dll |
| 6d0f45bbca42a21086f62d49352bde9d | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BrowserCore.dll |
| 4809e75492a0168e7a912028df997ed2 | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BrowserUI.dll |
| 5f2133b8872ce76fc5b0dbf029440f32 | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BrowserUIHandler.dll |
| 7af9e5ecf271f7ee028073e0c9a6bd37 | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\CommonWorker.dll |
| 10f64e9af47a83e30805a84c14dd9ae3 | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\DeskGuide.exe |
| 322169e9cd984c9dca6fcada4e648c5b | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\DetectVm.dll |
| c8993640a5b23c8b04339ba364e8da1c | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Download.dll |
| a693cc487604974b0ff12892b4a70dfd | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\ExternalMgr.dll |
| 7997af49c1738abf2c225ef25565d51a | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Heartbeat.dll |
| 4c422c1fe9d617164dc01cdbd81a19cf | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Hermes.dll |
| 1224f6268da4a58f03f1adfb148ba475 | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LogicModel.dll |
| c0d93ca7f38db6fb1afe31a21c6c96a7 | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\MainUI.dll |
| 561f530b4c73606e4a6a776bef6b1183 | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\MainUIHandler.dll |
| 299009813c0d618c0fcabcdfb163372a | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\MsgPush.dll |
| ba5291ba5bb4706692d9a4b83cfdc67d | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Peseus.dll |
| e7c36f7b2ff7135042736eec013168dc | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\PluginMgr.dll |
| d60e63d27cd6ce04826a308ea676c794 | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Protocol.dll |
| 87c55a374258b2aa7fda6d3e4abf23db | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Report.dll |
| 0cf141f90efd787a71f0b1046c501d44 | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\UICommon.dll |
| 6f18bbfed4f5af9fd0a483e885e5d5f0 | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\UICommonHandler.dll |
| 5e6909fa82c78d5e3bdd44e2d0cf4285 | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\UIFrame.dll |
| 5a705abccd0ec37c41aff4c325723c51 | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Update.dll |
| 0626441d2acf836eb7aec7f77078c844 | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Utils.dll |
| 00d2c06a552f782c1f16acf77db765a5 | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\atl100.dll |
| 56d1d9be11aec8560139c779f353155c | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\bdlog.dll |
| f3dffab219f3386c46f814a11a91a086 | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\bdminiopenssl.dll |
| f3482cb7643db3dfe3e78dd32514277c | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\brp.exe |
| c327feba5d062b00acd08c78b2bb3c21 | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\dl.dll |
| bc83108b18756547013ed443b8cdb31b | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\msvcp100.dll |
| 0e37fbfa79d349d672456923ec5fbbe3 | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\msvcr100.dll |
| 979a352ff0c59284fc90ee5bb9620b28 | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\uninst.exe |
| 3d4f4d3451eacef53af6e433a7ec4560 | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\BaiduRenderClient.exe |
| b8099eb74caf12f6a8fb68bcc09ebf9a | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\msvcp120.dll |
| 9f8c9ca055c00b6a3ea07f408cf991e1 | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\msvcr120.dll |
| 62392671e5c14616d7405e8c5e62661b | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_base.dll |
| 0a4969536befa10ac3f8a8bb0442cd2e | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_browser_chrome.dll |
| edbc6f04e8f70e5fa95f406946ebf6af | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_browser_trident.dll |
| 54b401bfb4370985bd7f73de9ff73747 | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_browser_trident_plugin.dll |
| 5f193025e120e8f08d215c7a3c6d5a13 | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_common.dll |
| 762b300983a61438fbb1917640638dd4 | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_ipc.dll |
| 8311af3a48a5d817632c08f3cdab3bee | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_protocol.dll |
| 48edf98bf70f40e0cf9a87250f4d2600 | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_render_common.dll |
| 5021f51f649ab61057759958821c8029 | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_render_message.dll |
| bccfc4edc2057f7fda1ff8c2d1a5858a | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_render_proxy.dll |
| f28a1352c6674382473225abc9271576 | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_render_stub.dll |
| 5a769ecb91f48ec914ec474c1bc3d8b8 | c:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_render_stub_child.dll |
| 8e53bb649fe3abb87be4f417a70fa88d | c:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\Baidu_Setup_3.1.200.2978_ftn_1050123723[1].exe |
| 8e53bb649fe3abb87be4f417a70fa88d | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\Baidu_Setup_3.1.200.2978_ftn_1050123723.exe |
| 4cf3a81ab4579b30117c8a39a489d51d | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshA2C5.tmp\System.dll |
| 3df3896b3efb9f3458012b9dc3d1350e | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\BDMSkin.dll |
| addde3cfec6bc6f2d7031766c4562c5e | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\BaiduReport.dll |
| 4c00ae6b616feb3230ac58ed38118108 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\Base.dll |
| 363e75e60191837216db858b3d2e1774 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\InstallHelper.dll |
| d60e63d27cd6ce04826a308ea676c794 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\Protocol.dll |
| 87c55a374258b2aa7fda6d3e4abf23db | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\Report.dll |
| bdb492684b7a99ee0aa1d10c1f8bf702 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\System.dll |
| 0626441d2acf836eb7aec7f77078c844 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\Utils.dll |
| bc83108b18756547013ed443b8cdb31b | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\msvcp100.dll |
| 0e37fbfa79d349d672456923ec5fbbe3 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\msvcr100.dll |
| 066ea82c62ca83270edfdd415cede04b | c:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\InstallerUpdate\Baidu_Setup_3.2.200.3069_Full.exe |
| f3482cb7643db3dfe3e78dd32514277c | c:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\bp\brp.exe |
| 6e04e5ec6821ee06edfc74daf94cec54 | c:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\PepperFlash\pepflashplayer.dll |
| 498cd8d19a4213aacc2b3e0e4fbea20f | c:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\chromecore.dll |
| b6b2d880470dbe4c8e044b2c0c820358 | c:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\d3dcompiler_47.dll |
| 373976a773030219ade9561f0a5c1d75 | c:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\libEGL.dll |
| 44a3377d52919bc8d757e53aa269b302 | c:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\libGLESv2.dll |
| e22ded5f00722f881b85afbf8b3f9f97 | c:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\libexif.dll |
| 6e04e5ec6821ee06edfc74daf94cec54 | c:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\PepperFlash\pepflashplayer.dll |
| 498cd8d19a4213aacc2b3e0e4fbea20f | c:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\chromecore.dll |
| b6b2d880470dbe4c8e044b2c0c820358 | c:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\d3dcompiler_47.dll |
| 373976a773030219ade9561f0a5c1d75 | c:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\libEGL.dll |
| 44a3377d52919bc8d757e53aa269b302 | c:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\libGLESv2.dll |
| e22ded5f00722f881b85afbf8b3f9f97 | c:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\libexif.dll |
| e658ff0dcf3df710575c08148fe8b476 | c:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\game\1.0.0.3\JoystickService.dll |
| cb2890bd544ecc0d442bc09429e2099a | c:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\jietuDll.dll |
| 0d6565a576325305206d93f153ad908a | c:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\screensnapshot.exe |
| 1e277e0c146c33c85abe47a79b5cddd0 | c:\Windows\System32\bbnethlp.dll |
| 5f3098b66c42616bcd96b5b5fbaa56bc | c:\Windows\System32\bbnethlp64.dll |
| c3795e74b87959d3d2875643ff1bac93 | c:\Windows\System32\bbnetservice.dll |
| fb890a62c0e0b969c71d0485d36f1ce5 | c:\Windows\System32\bbnetservice_1.dll |
| 2c2605b6946d5c579f1d16baa70227bd | c:\Windows\System32\bbugreport.exe |
| 5d68f77523e42eef10a9beada1a6f482 | c:\Windows\System32\drivers\bbnetdriver.sys |
| 7e805ee4cc4b619e45512c018c9f1e75 | c:\Windows\Temp\Dr70da6_1.drt |
| c3795e74b87959d3d2875643ff1bac93 | c:\Windows\Temp\Dr720b9.drt |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
Using the driver "%System%\drivers\bbnetdriver.sys" the Trojan controls creation and closing of processes by installing the process notifier.
Using the driver "%System%\drivers\bbnetdriver.sys" the Trojan controls creation and closing of threads by installing the thread notifier.
Using the driver "%System%\drivers\bbnetdriver.sys" the Trojan controls loading executable images into a memory by installing the Load image notifier.
Using the driver "%System%\drivers\bbnetdriver.sys" the Trojan controls operations with a system registry by installing the registry notifier.
Using the driver " %System%\drivers\bbnetdriver.sys" the Trojan attaches its filter-device object to the Volume Device Object (VDO) of the file system driver.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Scan a system with an anti-rootkit tool.
- Terminate malicious process(es) (How to End a Process With the Task Manager):
Baidu.exe:2596
Baidu.exe:1640
Baidu.exe:2876
Baidu.exe:2592
Baidu.exe:1772
Baidu.exe:2548
Baidu.exe:3604
Baidu.exe:3820
Baidu.exe:1916
brp.exe:2276
Baidu_Setup_3.1.200.2978_ftn_1050123723.exe:2544
BaiduUpdate.exe:940 - Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\Baidu_Setup_3.1.200.2978_ftn_1050123723[1].exe (2206750 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshA2C4.tmp (75405 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\2.ico (5520 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Baidu_Setup_3.1.200.2978_ftn_1050123723.exe (1974641 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshA2C5.tmp\System.dll (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\FEP54WXI.txt (111 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\CommonWorker.dll (61 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\bdlog.dll (40 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Hermes.dll (159 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Heartbeat.dll (221 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\百度\百度.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\百度.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\百度\å¸载百度.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\Desktop\百度.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\百度.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\uninst.exe (221 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BaiduReport.dll (376 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Utils.dll (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Report.dll (118 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\msvcr100.dll (774 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\msvcp100.dll (421 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Base.dll (806 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\complete.txt (248 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\icudtl.dat (780 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\chrome_100_percent.pak (963 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\locales\en-US.pak (214 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin_pack\4f03c9f6263fa20679b486a9424243c8.7z.bdl (192392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin_pack\InstallingPlugins.xml (243 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\PepperFlash\pepflashplayer.dll (2721 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\resources.pak (2721 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\LocalPluginInfo.xml (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\libexif.dll (309 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin_pack\UninstalledPlugins.xml (261 bytes)
C:\ProgramData\Baidu\Desktop\Global.db (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\chrome_200_percent.pak (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\libGLESv2.dll (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\d3dcompiler_47.dll (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\complete_check_list.pb (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\chromecore.dll (7427 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\PepperFlash\manifest.json (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\locales\zh-CN.pak (213 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\libEGL.dll (80 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\manifest.json (749 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin_pack\PackCache.xml (239 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\completelist.txt (263 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\chromecore\1.2.201.132\PluginSetup.xml (762 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\chrome_100_percent.pak (7345 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_ipc.dll (77 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_render_message.dll (409 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\searchbar_in_tips\searchbar_in_tips.pb (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\icudtl.dat (76782 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_render_common.dll (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\settings\custom_setting.db (2334 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\complete.txt (248 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_common.dll (663 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\pb\103.pb (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\resources.pak (131213 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\Upd.dat (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\UIFrame.dll (131 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\libEGL.dll (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\CloudJSInject\CloudJSInject.xml (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\lapuda\appstorage_user.db-journal (512 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Protocol.dll (372 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\libGLESv2.dll (10177 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\config\searchbar_in_tips.dat (50 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDDocker.exe (45 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\chromecore.dll (392052 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\resourceSug.pb (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\MainUIHandler.dll (49 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\completelist.txt (263 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LogicModel.dll (291 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\manifest.json (749 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\chrome_200_percent.pak (8281 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\d3dcompiler_47.dll (23811 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BrowserUIHandler.dll (49 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\PepperFlash\pepflashplayer.dll (132143 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BrowserUI.dll (806 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\histroy\history.db (145 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\libexif.dll (1425 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\complete_check_list.pb (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BrowserCore.dll (360 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDMSkin.dll (49 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\lapuda\appstorage_nonuser.db-journal (512 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\PepperFlash\manifest.json (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\ZerbaReport.pb (29 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\force_sug\taskbar_force_sug_backup.pb (21 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Peseus.dll (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_render_proxy.dll (299 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\PluginSetup.xml (762 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\locales\en-US.pak (1281 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\pb\100.pb (920 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\account\user_cert_id.cert.bk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\cloud_games.pb (36 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\UICommonHandler.dll (159 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\component\1.2.201.132\chromecore\locales\zh-CN.pak (1281 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\UICommon.dll (151 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\MainUI.dll (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\force_sug\medusa_navigateinfo.pb (562 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\histroy\history.db-journal (512 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_browser_chrome.dll (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Extension State\000003.log (221 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\5A9D.tmp (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Extension State\LOG (153 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Cache\data_1 (17840 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Cache\data_0 (49052 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Cache\data_3 (7832 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Cache\data_2 (968 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Extension State\000001.dbtmp (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Cache\index (368 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Extension State\MANIFEST-000001 (75 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_protocol.dll (49 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_render_stub.dll (589 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_browser_trident.dll (692 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\session\default\Cache\f_000001 (36 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\history\history.html (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\youxijiasuqi\2.0.800.1325\skinres.rdb (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\weixin\1.0.0.8\completelist.txt (30 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\general.png (379 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\button-search-input.png (332 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Baidu.exe (48588 bytes)
C:\ProgramData\Baidu\Common\Global.db (100 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\weixin\1.0.0.8\complete_check_list.pb (192 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\font\open-sans\OpenSans-Light-webfont.woff (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\CommonRes_win10.rdb (3104 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\request.js (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-checkbox-unchecked.png (361 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\DD_belatedPNG_0.0.8a-min.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\error-pages\res\js\api.js (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\bookmarks.css (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\BaiduRenderClient.exe (2392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\game\1.0.0.3\skinres.rdb (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\icon-tree-search-ie8.png (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\history_mods.js (6360 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-box-shadow-bottom-center.png (179 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\fe\fe.html (498 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\msvcp120.dll (15536 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\UsualNames.pb (421 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\ie-fix.css (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\Base.dll (28310 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\box-shadow.css (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\arrow-png8.png (260 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\msvcr100.dll (26598 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\icon-clear-new.png (451 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\search-button.png (299 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\youxijiasuqi\2.0.800.1325\completelist.txt (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\img\1px.png (947 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Tips_win10.rdb (1568 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\fe\js_cmd(start_request).html (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-radio-tooltip-png8.png (329 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-box-shadow-center-right.png (162 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\error-pages\webkit-404.html (9 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\test\res\test.js (197 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\map.js (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\mb_setup.log (44236 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\BDSearchBar_win7.rdb (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\core.css (662 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\MsgPush.rdb (14384 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\button-refresh.png (562 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDDockerX64.exe (12720 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\ImportBookmark.rdb (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\BaiduReport.dll (12912 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\pack_z.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\folder-arrow-hover-png8.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\Utils.dll (33264 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\fe\js_cmd.html (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-box-shadow-top-center.png (158 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\MsgPush.dll (32848 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\Software.pb (9984 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BaiduBugRpt.exe (33888 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\atl100.dll (10128 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\screensnapshot.exe (29256 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\bdminiopenssl.dll (30336 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\history.css (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\icon-clear-general-png8.png (841 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\global.js (6360 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\font\open-sans\OpenSans-Light-webfont.eot (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\BrowserFrame_win10.rdb (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-button-search.png (382 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-box-shadow-top-right.png (260 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\game\1.0.0.3\JoystickService.dll (6360 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\history\res\css\img\200x\item-arrow.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\browsershowcut.ico (24048 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\error-pages\crash.html (9 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-radio-unchecked.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\utils\ua.html (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\png8-dialog-close.png (386 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\BrowserFrame_win7.rdb (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\BDSearchBar_win10.rdb (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Tips_win7.rdb (1568 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-radio-checked.png (1 bytes)
C:\Windows\System32\drivers\bbnetdriver.sys (230 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Update_win10.rdb (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\connection-error.html (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\dialog-button-png8.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BaiduAssistant.exe (27168 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\test\res\test.css (646 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\crash.html (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\BDSearchBar.rdb (14384 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\msgconfig.pb (142 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\game\1.0.0.3\complete_check_list.pb (300 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\game\1.0.0.3\completelist.txt (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\DeskGuide.exe (26736 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BaiduUpdate.exe (35696 bytes)
C:\Windows\System32\bbnetservice.dll (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDDockerX64.dll (13168 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\error-pages\connection-fail.html (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\CommonRes_win7.rdb (3104 bytes)
C:\Windows\System32\bbugreport.exe (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\AppPluginState_Install.xml (201 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\game\1.0.0.3\PluginSetup.xml (502 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\test\icon\test.png (1856 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\font\open-sans\OpenSans-Light-webfont.ttf (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-box-shadow-bottom-left.png (301 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Setting_win10.rdb (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\error-pages.css (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\appBlackList.dat (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\error-pages\app-error.html (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\DetectVm.dll (4784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\bp\brp.exe (7345 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\favicon.ico (5 bytes)
C:\Windows\System32\bbnethlp64.dll (169 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\test\test.html (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\MsgPush_win10.rdb (1568 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-button-new.png (977 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\brp.exe (61936 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\res\css\img\150x\icon-crash.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-box-shadow-bottom-right.png (299 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\img\logo_blank.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\mod.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\skinres.rdb (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\common\auto_complete\top_site.db (10128 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-box-shadow-top-left.png (245 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\res\css\img\125x\icon-crash.png (2 bytes)
C:\ProgramData\Baidu\XCommon\verify.db (100 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\img\default-icon.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\font\open-sans\OpenSans-Light-webfont.svg (4992 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsnC6D8.tmp (848881 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\completelist.txt (64 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\icon-clear-new-8.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\CommonRes.rdb (28368 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Setting.rdb (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Update.rdb (4784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\user_data\default\bookmark\bookmark.db (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BIDULocationService.dll (40832 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\GlobalPluginInfo.xml (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Tips.rdb (1568 bytes)
C:\Windows\System32\bbnethlp.dll (203 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\popwindow.rdb (3104 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\youxijiasuqi\2.0.800.1325\PluginSetup.xml (523 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\config\136.dat (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\button-baidu-search.png (379 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BaiduService.exe (18640 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\minibaiduscheme.pb (1512 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\msvcr120.dll (32128 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDZebraSDK.dll (362791 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\ssl-error.html (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\youxijiasuqi\2.0.800.1325\complete_check_list.pb (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\MsgCenter_96.rdb (30 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\msvcp100.dll (14605 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\folder-arrow-png8.png (292 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\error-pages\connection-error.html (9 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\bookmarks_z.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\json2.js (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-checkbox-checked.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-box-shadow-center-left.png (161 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\history_z.png (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\PluginSetup.xml (637 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Download.rdb (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\System.dll (804 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\jssdk-v2.js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\history\res\css\img\200x\history_icon.png (743 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\BrowserFrame.rdb (3712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\history\res\img\loading.gif (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\weixin\1.0.0.8\skinres.rdb (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\history\res\css\img\125x\history_icon.png (466 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\InstallHelper.dll (9573 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\error.html (734 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\res\css\img\200x\icon-crash.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\png8-dialog.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-button.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Update_win7.rdb (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\BDMSkin.dll (60235 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\folder.png (276 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\xml.rdb (20272 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\history\favicon.ico (9 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Download.dll (4784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\reset.css (826 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\complete_check_list.pb (392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_render_stub_child.dll (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\history\res\css\img\150x\history_icon.png (566 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\MsgPush_win7.rdb (1568 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\history\popup.html (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\pack.css (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\BDDocker.dll (11040 bytes)
C:\Windows\System32\plugins\config.xml (59 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\dl.dll (65648 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\PluginMgr.dll (35696 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\SuggestionWnd.rdb (1568 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\ExternalMgr.dll (13168 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\icon-clear-general.png (866 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\error-pages\ssl-error.html (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\Report.dll (5110 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\error-pages\res\js\common.js (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\head-star-png8.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\connection-fail.html (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\res\InstallWnd.zip (6584 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_base.dll (10136 bytes)
C:\Users\Public\Documents\bbnetservice\bbconfig.dat (164 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\holderpage\holderpage.html (133 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-button-search-large.png (408 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\default.ico (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\404.html (1856 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\bookmarks.html (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Skins\Setting_win7.rdb (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\bookmarks_mods.js (1856 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiC708.tmp\Protocol.dll (12908 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\icon-connect.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\bg-textbox.png (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\bookmarks\res\css\img\complete-png8.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Update.dll (11040 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\game.ico (24048 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\js\respond.min.js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\jietuDll.dll (2392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\apps\history\res\css\img\150x\item-arrow.png (794 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\LocalPages\res\css\img\icon-404.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\resource\error-pages\res\js\common.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\web_browser_trident_plugin.dll (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\plugin\extends\weixin\1.0.0.8\PluginSetup.xml (638 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\InstallerUpdate\Baidu_Setup_3.2.200.3069_Full.exe.bdl (516232 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\BDDownload\3518413350\Setting\host.dat (260 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"BaiduClient" = "C:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\Baidu.exe --auto-run" - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
No information is available.
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| .text | 4096 | 28432 | 28672 | 4.50399 | f569e353af0ed51bf4c216faa9bed4e7 |
| .rdata | 32768 | 10898 | 11264 | 3.04561 | 91eee43954e068e650f7b73a8b0e6915 |
| .data | 45056 | 425660 | 512 | 1.02085 | db9f7acbf1c3ddfe255077b699955dfa |
| .ndata | 471040 | 610304 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
| .rsrc | 1081344 | 60952 | 61440 | 5.19437 | b021294f39d09f2fa0d4b087fe7505ab |
| .reloc | 1142784 | 3978 | 4096 | 5.49152 | 4a8958bf0c86981c0e27f5ef1bd574f0 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 24
c3665bd2e0dbc429782ed0da55589504
7aac6010bafef98ab7c807bac887029c
a84a8b5d625d7c216b9b8ab3f3dc35c5
a2c759f1211588d687f0abc0d02f90c0
7c39571c11ca9e885b30d06737df40a3
450ba8e1bd0c883bad857a3524c62455
de5ff56d29eb0e0c68819a2ecd460361
4cb8694d034b829ccff0ddf0273ba291
e6d044aeb739fb7a8265143b4a36a361
8e82b539b639d89567620994694908cd
2efb19b44c6be9c06df60a1604c9e8a5
ab14db7f28cef40efd729b5dd7e9cf12
220bd2fcd9cc037d6427f139c9d1db44
6968ca45e88810d875c188542fd41462
405cf90862b5f07d16a1e506c8758840
bc6064ddf031e71b2a3d8a62ff7442ed
2b80079b849f64064928ad3d3055ddfd
aa1047258cbd6fcc392fc5cee56bdf32
6e388117cf47bd19caffdc3d7f706764
f34e2279c8c9bd41cbbf804a6425dbf8
4a981c49556d8c8549396f4b03b1b398
1513addc6bb094b982ac8bf3e57ed4b3
d6751f44df067f9fcff9d0281106f13c
458d561f85a4de0028fd88237026715b
Network Activity
URLs
| URL | IP |
|---|---|
| hxxp://scloud-dlsw.br.baidu.com.cname.yunjiasu-cdn.net/ditui/zujian/Baidu_Setup_3.1.200.2978_ftn_1050123723.exe | 162.159.211.62 |
| hxxp://north-mb.n.shifen.com/ | |
| hxxp://hbup.mini.n.shifen.com/ | |
| hxxp://brwebimg.jomodns.com/pb/201610/f0282f7cf506b8807c78423d06a249d6.pb | |
| hxxp://brlocation.n.shifen.com/ | |
| hxxp://scloud-dlsw.br.baidu.com.cname.yunjiasu-cdn.net/odin/201610/4f03c9f6263fa20679b486a9424243c8.7z | 162.159.211.62 |
| hxxp://scloud-dlsw.br.baidu.com.cname.yunjiasu-cdn.net/odin/201607/0260783600ae78ce0dbeabf59a8d873c.xml | 162.159.211.62 |
| hxxp://brdlsw.jomodns.com/odin/201504/38012d1ec93b2df99434b63e6dd4c6ae.e | |
| hxxp://drzc.n.shifen.com/ | |
| hxxp://scloud-dlsw.br.baidu.com.cname.yunjiasu-cdn.net/odin/201612/7e805ee4cc4b619e45512c018c9f1e75.dll | 162.159.211.62 |
| hxxp://scloud-dlsw.br.baidu.com.cname.yunjiasu-cdn.net/odin/201701/066ea82c62ca83270edfdd415cede04b.exe | 162.159.211.62 |
| hxxp://mbredirect.n.shifen.com/app/101/start_page | |
| hxxp://dr.mb.baidu.com/ | 61.135.186.213 |
| hxxp://scloud-dlsw.br.baidu.com/odin/201610/4f03c9f6263fa20679b486a9424243c8.7z | 162.159.211.62 |
| hxxp://redirect.mb.baidu.com/app/101/start_page | 111.206.37.114 |
| hxxp://hb.mb.baidu.com/ | 123.125.114.232 |
| hxxp://scloud-dlsw.br.baidu.com/odin/201701/066ea82c62ca83270edfdd415cede04b.exe | 162.159.211.62 |
| hxxp://dr.zc.baidu.com/ | 61.135.186.100 |
| hxxp://ibr5.bdstatic.com/pb/201610/f0282f7cf506b8807c78423d06a249d6.pb | 118.123.210.48 |
| hxxp://location.br.baidu.com/ | 61.135.186.93 |
| hxxp://dlsw.br.baidu.com/odin/201504/38012d1ec93b2df99434b63e6dd4c6ae.e | 119.84.42.46 |
| hxxp://scloud-dlsw.br.baidu.com/ditui/zujian/Baidu_Setup_3.1.200.2978_ftn_1050123723.exe | 162.159.211.62 |
| hxxp://scloud-dlsw.br.baidu.com/odin/201607/0260783600ae78ce0dbeabf59a8d873c.xml | 162.159.211.62 |
| hxxp://scloud-dlsw.br.baidu.com/odin/201612/7e805ee4cc4b619e45512c018c9f1e75.dll | 162.159.211.62 |
| hxxp://cr.zc.baidu.com/ | 61.135.186.100 |
| msc.br.baidu.com | 61.135.186.96 |
| dtrp.download.iyuntian.com | 123.125.65.150 |
| f.i1236.com | 219.238.237.210 |
| cfg.download.iyuntian.com | 123.125.65.132 |
| ibr9.bdstatic.com | 118.123.210.48 |
| hb.zc.baidu.com | 61.135.186.100 |
| dr.humming.baidu.com | 111.206.223.163 |
| p2s.download.baidu.com | 61.135.186.153 |
| www.baidu.com | 14.215.177.37 |
| cdnmbapi.baidu.com | 118.123.210.48 |
| rc.download.iyuntian.com | 123.125.65.153 |
| sys.webapi.br.baidu.com | 111.206.223.133 |
| utk.download.iyuntian.com | 123.125.65.147 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 262
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...b........" 1deeea43e07fba973e9d83e58918d424(.2.8..@.H.P.X.` ........ 1deeea43e07fba973e9d83e58918d424......h...C}.K~K..YS.@."F.cye5....-!..VD....p...... &....M....... ....t........\>G.......!S......_....h.A..".4..bZ>..dDB.>Z..Y<a...pt..u.Fx.B7.h;h.Frw.Z..Z...
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 126
...b........" 1deeea43e07fba973e9d83e58918d424(.2.8..@.H.P.X.` ........ 1deeea43e07fba973e9d83e58918d424...........i!....|p..E....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 254
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...b........" 1deeea43e07fba973e9d83e58918d424(.2.8..@.H.P.X.` ........ 1deeea43e07fba973e9d83e58918d424.......>..Pg.U.V...<.Q..H~mr3{.E...{...`..azvD..........QO.y..V.yZ.O.-L..h..97.....)CLduP2c..../.....r6.^....n#....A.-/..f<..F-..F...Y .R..fR...<d.S.
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 126
...b........" 1deeea43e07fba973e9d83e58918d424(.2.8..@.H.P.X.` ........ 1deeea43e07fba973e9d83e58918d424..........<.y...s...~.HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 126.....b........" 1deeea43e07fba973e9d83e58918d424(.2.8..@.H.P.X.` ........ 1deeea43e07fba973e9d83e58918d424..........<.y...s...~.....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 270
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...b........" 1deeea43e07fba973e9d83e58918d424(.2.8..@.H.P.X.` ........ 1deeea43e07fba973e9d83e58918d424..........k.I7S9lF...o.I..W|.V.....$60...D.......|.dBn.l..lYn.I*.`P.Z...yC*o0.PU.ZP...I....s0 <.*>...I.....,Ko.w<QM>..K.idn...9&.K(.0]6....3.~.}........1.Y/..of[.N.
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 126
...b........" 1deeea43e07fba973e9d83e58918d424(.2.8..@.H.P.X.` ........ 1deeea43e07fba973e9d83e58918d424......I...../c5r.P.Y..HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 126.....b........" 1deeea43e07fba973e9d83e58918d424(.2.8..@.H.P.X.` ........ 1deeea43e07fba973e9d83e58918d424......I...../c5r.P.Y......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 270
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...b........" 1deeea43e07fba973e9d83e58918d424(.2.8..@.H.P.X.` ........ 1deeea43e07fba973e9d83e58918d424......k....Vr...2..x..5|..<.#...0.a..S . ...hK?.d.9?<;.p..}.g.........!O@...,/.....e......s..i.......B....A(..N.t].q|.{..l..=.T.....!..e.............. U....C..)..(..
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 126
...b........" 1deeea43e07fba973e9d83e58918d424(.2.8..@.H.P.X.` ........ 1deeea43e07fba973e9d83e58918d424......>N.0.....6:.T.......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 262
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...b........" 1deeea43e07fba973e9d83e58918d424(.2.8..@.H.P.X.` ........ 1deeea43e07fba973e9d83e58918d424.........@.0...D...1.fM..P...@b.{...Nu..E.K.b~.4.c...,.\m.2...P.K0?..^..w......(.g>..> B..}.O|r.....a..............A.,[.;N.^....%.......B....g..i.eO..bh.c.;.u
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 126
...b........" 1deeea43e07fba973e9d83e58918d424(.2.8..@.H.P.X.` ........ 1deeea43e07fba973e9d83e58918d424........8@q@.s(..2.a#.HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 126.....b........" 1deeea43e07fba973e9d83e58918d424(.2.8..@.H.P.X.` ........ 1deeea43e07fba973e9d83e58918d424........8@q@.s(..2.a#...
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 284
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.........&..X#o3f.f .i.Wy.;;...7G2`{....3b.? 3.m.......dJ.WoD.Z<a.}...6....$=.].z.V ......z.CD..X1Y.....N..<V.`...@ml(...z]..?..p.hyVT.>..{R.......A5..y.V.F.
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 148
...x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(...1050123723.. 1deeea43e07fba973e9d83e58918d424..........k.....9.A;.)HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 148.....x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(...1050123723.. 1deeea43e07fba973e9d83e58918d424..........k.....9.A;.)..
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 316
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....-..m.oZ.9.x6 `q........!~{D].9.T.$..4).~....Hm..............
.,......e....R....O^..........P...
.{........).=<.C..@.w[c.....{..^E.K.n.S.u.B.gkgOD.-2*...2..S.......Q- .9.-a..../B..]PN
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 148
...x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....-...Y.'.S.s9..=.gHTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 148.....x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....-...Y.'.S.s9..=.g..
GET /odin/201701/066ea82c62ca83270edfdd415cede04b.exe HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: scloud-dlsw.br.baidu.com
Range: bytes=36700160-
Referer: hXXp://scloud-dlsw.br.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
HTTP/1.1 206 Partial Content
Date: Fri, 03 Feb 2017 23:48:06 GMT
Content-Type: application/octet-stream
Content-Length: 12090632
Connection: keep-alive
Set-Cookie: __cfduid=d90e07aff4681ee28566f13253d47d9d71486165686; expires=Sat, 03-Feb-18 23:48:06 GMT; path=/; domain=.baidu.com; HttpOnly
Last-Modified: Tue, 24 Jan 2017 04:49:25 GMT
ETag: "5886dcd5-2e87d08"
Expires: Sun, 19 Jan 2020 23:48:06 GMT
Cache-Control: public, max-age=93312000
CF-Cache-Status: HIT
Content-Range: bytes 36700160-48790791/48790792
Server: yunjiasu-nginx
CF-RAY: 32b9c592d5905a02-VIE
.[(..!..r....t<...4~.....*...0%..BH..*..5.{.H<....l.5)L^L!.N.w.c..^2V7.'VMdt.}.....)E Y51.SvZ,Sa...h......e&w.bdEr....Z.!..c..Gb...QP.Q/..k5.wX...:.f...aT.......4.E..*..9%..W.}.?.>.....V..:.h.L...^A.K.-....u5`F6e.k......}.......G;,I...9H$....x.//....qP.2!..........w'.2..../.....LN.....Oe.\.....9C.k..Ry...&.Q>...`6f.f.......r...~..ld..0....... .-=...........<^........"..U.........z.......b.....LXw.|o....ig. .......`M/.....s.-A.F.E<.AH.......%..X...._).N.c..A.=Q.g=...C/..Q..W,c.$z.......e.zKB Ol.69.d...$...=...U>...'........",h........9'....{o\.1...VML=...kj}...c.B.&..6.&.).}....L...l......K,..a..j...`......Je>n........`.t...W......~....>;...qPEK.,..`........dk.Q*..D.3..1z..-.LG....~J`....d.x1.u9...A?..e.f.ee=..E.k..R3.......Fi.;..<..u.k..).....Ht..x..n..cD..L..U._....a.*k........`\dk..]....*s..0T3...R....W....c....2...\L)...?".u..4..)...W.......$H.t..............jh.rH-G....4......$P8.#....9.1.li`.3../..T...T..}m.(.....1sJo~.3....._^....<Y........~....o.;............B....y5.$f..}..........6.......x....d.M........G...t2..U_..e...(.K..y;......F;...y9...".qz..t.....#......K|. .mv.j....=........z*7..Y.=..6...$...n.....=.^...M......b.J1l{.."9W..X)Oz.x...~W.....0..p$.w...w.@..."bJBLa.w"X..f;..]..u..........%...!y...s....$...Y..N.k|e..13N.hT.=U]=.......5I..sZ .4P..,!A....o_..bdv.~..., t........t...I]P..y..VI.x....\/......C..D..k=.K.p....q...o5.C...r.....y?.}'Cg ./.kx..@..k.."..T..;H....Pw@\..$....<..=4.H.L......C........C.1"t..cq#Q&x1B...5.F....v.........9o.......!....$..We...@.J.k..s
<<< skipped >>>
GET /ditui/zujian/Baidu_Setup_3.1.200.2978_ftn_1050123723.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: scloud-dlsw.br.baidu.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2017 23:47:34 GMT
Content-Type: application/octet-stream
Content-Length: 11371752
Connection: keep-alive
Set-Cookie: __cfduid=d3696279ae20a880bb85d6c2515d1d6c31486165653; expires=Sat, 03-Feb-18 23:47:33 GMT; path=/; domain=.baidu.com; HttpOnly
Last-Modified: Wed, 09 Nov 2016 03:26:21 GMT
ETag: "5822975d-ad84e8"
Expires: Sun, 14 May 2017 23:47:34 GMT
Cache-Control: public, max-age=8640000
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Server: yunjiasu-nginx
CF-RAY: 32b9c4c8f218597e-VIE
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................p.......B...9............@.................................v.....@.................................d........@...~...........l.. ............................................................................................text....o.......p.................. ..`.rdata...*.......,...t..............@..@.data....~..........................@....ndata.......0...........................rsrc....~...@......................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................U....\.}..t .}.F.E.u..H.....-G..H.P.u..u..u.....@..K...SV.5.-G.W.E.P.u.....@..e...E..E.P.u.....@..}..e....D.@........FR..VV..U... M..........M........E...FQ.....NU..M.......M...VT..U........FP..E...............E.P.M...H.@..E..P.E..E.P.u.....@..u....E..9}...n....~X.te.v4..L.@..E...tU.}.j.W.E......E.......P.@..vXW..T.@..u..5X.@.W..h ....E..E.Pj.h..F.W....@..u.W...u....E.P.u.....@._^3.[.....L$...-G...i. @...T.....tUVW.q.3.;5.-G.sD..i. @...D..S.....t.G.....t...O..t .....u...3....3...F. @..;5.-G.r.[_^...U..QQ
<<< skipped >>>
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 290
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....2W....v..s..O.@..l`q.=|....kdQ..Ma.......?......n...B..*B............,Bw8....!...78P..Z..~..G3[....J...B...B.Wzx3..2\m......g.EJ...X..#.. ".....e..j.@...
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2.C7!N......*..;.....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 290
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....2X.$f.b..8Jo2i..........$.....q.f....}.'pB....Go.yI-.....0...I..4ekZ...r.G...E.......-&@n..x~..Y........].4..}....I.TJ..D.b..b..t....W~:.'..j....dg"...
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2..0..=_....eN.......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 298
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....2r.t*9.@.....n.s2.cy.._
C.F.rK.......xFH....... ....a>..(.y..`..:.P.F...?.1G...kV...Y...Ho/t...u..oZ.H? z..Au8#q....[...<%...t..k/p.G.........O.R....e..@...% ..
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2.~..si.='...........
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 290
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....2..~........i...Nku.2r.?.....O.(....5..L.....r.&....l....5%JV..d.v;).;.{.[....-.>*}/.2.......8.......U..y.8....."pT.....\P..c.i..........!..$f....h..g...
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2..%.J........3......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 354
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....2.@Aq....g....<.q.AS....u..].B`*.S..=wZ..../}[.r.-.~.ge.C....CA...^.........'J}e..^.y.....h..BK.0.N.."..@1`./
7G.......e.....W.[o,t@@...z...o..c...!..*!p%.;.wH......,._..*...*R.......O.[.....@..C.......J.v.......
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2d...QQ...0.....c....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 298
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....2.K..paije.r...o....Z/hq. ....w....| ..Xi..... ..-.v:..~#.8.M<s..3...2....GI.'^..@3..0..t...(0..K.A.[4F.......&0.(...x.`..-.6.?<G..9.
D.Y.[...!|.:...\.."..^.z.
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2{.K.g...F..H.b......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 298
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....23.....},..O....u9.w...o.I&......5....$....1..9.i.A."...w.=...i`..)..K....j..U....F1.|W ...w..qZ..Y....D.g.. a(WZ.T.G...Z.S...|...R.....i....Nz.'G.....0rF(>$...
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2..D..].w"..U...$....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 298
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....2..Kg....B:.-@...K.2......K......T.Am.P....g.SX..c ........FQ./..1.-9......n.{..&I......6e..4...*..o..D?5q....~.0..E.|.....c...C..., ...(#.E!.D2.2iJ..........PV<
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2`..\T...76..tA......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 298
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....2....O,G..Y&\H*q.....g..u..u.=|......x... ...1%.w..d..K..I...g6..,=T...j..26x`@x...n@...........F.P.J.m...F.]A.. ..e.l......m..0a...B..........O..]e.H.cpY...;.%.
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2'...Yh..\...../.....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 298
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~....... " 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....2..\....V..4.R.h..G.r....iqU..|.K.|...M.ga.ew.v.a.V9.......>..:Z..&.Y.C..u.
cN].....J.F...@....~{.....I....p.NdXVK... Q..I.d.......?..;....*....T..%.e....8-..i
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~....... " 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2H.r=.c>Z....6i......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 290
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~.......!" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....2..F^..Qc&...3U.....$^`f.\.I.......#....`.Q.-.mg]..X..%#!.t..Mb..L..7.."...:p.6!..O./....?._N.....Y.drk@w.z..VMX........8]......<.....;.j,...............POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 258
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~......."" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...x.4{..w..S..:D...i....s...._..#.9..=h.|....H.........,..H.Wj...3..<q..5V..[O.k..W.j.._...r...m....G... ...B...t...6\....POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 290
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~.......#" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....2Fs...b..........V.Y...K.w...p.j.z..........A.{k.!.0S..V.n....R..3N.....\M.P..$.f...Q..6.9..........Y'.].........o.H...$.~.....a....tQ.]..N.....H./...-$POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 314
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~.......$" 1deeea43e07fba973e9d83e58918d424(.
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~......."" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....4%....A.D..jg,...HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 154.....~.......!" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....27s.>.;..2.y.P...HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 154.....~.......#" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2...>a..e.M$[a.....
GET /odin/201701/066ea82c62ca83270edfdd415cede04b.exe HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: scloud-dlsw.br.baidu.com
Range: bytes=34734080-
Referer: hXXp://scloud-dlsw.br.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
HTTP/1.1 206 Partial Content
Date: Fri, 03 Feb 2017 23:48:06 GMT
Content-Type: application/octet-stream
Content-Length: 14056712
Connection: keep-alive
Set-Cookie: __cfduid=d59d87ec513297d749fcf62a8099c7f4d1486165686; expires=Sat, 03-Feb-18 23:48:06 GMT; path=/; domain=.baidu.com; HttpOnly
Last-Modified: Tue, 24 Jan 2017 04:49:25 GMT
ETag: "5886dcd5-2e87d08"
Expires: Sun, 19 Jan 2020 23:48:06 GMT
Cache-Control: public, max-age=93312000
CF-Cache-Status: HIT
Content-Range: bytes 34734080-48790791/48790792
Server: yunjiasu-nginx
CF-RAY: 32b9c592d10859cc-VIE
bJ...x...;.....G....'.&TqG.,.*Gq.*8.......{X....`#4.=.#....'Xh...n<M.....I.F..2H....3aFk2.N.s.R..Q.....f...)...l..vN..4..{h....v..(.N.FS.......$T.`......Tz.V......* ..E8.$h.zj....2.Y.[k..ei./........).....'.....k.B.7..,..)W.....hJ.?......h.:....Mk.....},....}F.i.A..."......{....%,...r........%..'24...V..#..Z.Y.U..<f.)....q...9#......,.A..F...F2.G..@...P..../.T:...U.X.c8.UP.Q|.Ed.......q..`....'.W..d7..x6.q.|.z..."......j.....e9;... ..)$.....Q.^.......w.;..\.F..bv.A..!B?`.j..D.tj.r..t..zH/...F.2/}.........4$...QhA.P..p%....{pF......k..z......Mo.V..........#.Z.t.0w..P.....<. ......qW4..5\.....X..x.{........S...~.M......N?.A.1.....5...o..S......../.m.K.....:.d.....\..2.=..p.=.(.x..za#Dq.E..t..&.L@..S....S*.V.....S>...V..^.zN...J...:..s.f...B.....B9/....FF.p.P.....Nm?....wZQ.Z..(......A|c..CQ.....;l....WT.iC/.K^......y...K.m....P.IN.e..........f....]9...zm.;.#8..T.x...s.;.Lv(I...(....%..w.eh...I.h.a.&5X..8..@.S.....S.f.. V.c.Q&........ .....0PO%c.R....P<.c]t._7..(....w....._.}.....L...2>-...z..lF.....AE..Fd&...D9.K. ....[......&....6.(.<...c..T[C....<..*..L ...vM..6...q.o2...n].-.=.....:.........;7.?7...^.,.a....8.K.. ....Q.n...@c......NE.9..sjJNmG...s...'.. ......4.[..$...?8.....}.k..Kx. R../....Vq...?......I.qn...a.8<4....S..[$....N.|.....Ncvv.}yQ...T.O..g.ZZ.....Hpk.i_,.Mh..].7g...(.w.....F,.)G5.M...E..y../..!;......&Yl5..-.......0T'.Z.H.1|.C/Of.c..*.j4.d*...)..q...z...r",..u...R.J.......D........r....mN.^..&...Q..q.~M_.u..p............I..[u|.5"....5.y."~.......S.]....rE(^.3*,fq...e'2.
<<< skipped >>>
GET /odin/201610/4f03c9f6263fa20679b486a9424243c8.7z HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: scloud-dlsw.br.baidu.com
Range: bytes=1572864-
Referer: hXXp://scloud-dlsw.br.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
HTTP/1.1 206 Partial Content
Date: Fri, 03 Feb 2017 23:47:51 GMT
Content-Type: application/x-7z-compressed
Content-Length: 30635785
Connection: keep-alive
Set-Cookie: __cfduid=dd18da332e8a3d06d2f9f928526d969f51486165671; expires=Sat, 03-Feb-18 23:47:51 GMT; path=/; domain=.baidu.com; HttpOnly
Last-Modified: Wed, 26 Oct 2016 03:11:29 GMT
ETag: "58101ee1-1eb7709"
Expires: Fri, 22 Nov 2030 23:47:51 GMT
Cache-Control: public, max-age=435456000
CF-Cache-Status: HIT
Content-Range: bytes 1572864-32208648/32208649
Server: yunjiasu-nginx
CF-RAY: 32b9c53954cb599c-VIE
...Q_b....9#..6. ...[..`..@.V]W.. .....}.....QB..,j....T..=(......Ns.&....NR.#.a@.'....NR....u.d).T.e.)G.......-$..~ .%F..?^L.......T.........p...}A..\.....S.....o...o.$.V....C.4....x=.o.f....PW.G.v'............'..9ea..$B......\..v.@...D...\q/....e..[..|quZ.....|w........x.3...g..1 6.m.?........y5....."......<.b...R....9u."s.l.vd...~P<....7n.E...K.....=..<...5..s...q..s.J..b.k....k...[X~.h.o.q!,0...1z...d...d)Z.....^b....N.....?....(.sI.v......Xad.....55.e(......-.EY....3..q...I...6.AY...3&....g:...eU....~.J....@..ay.Y#......L..2^q.|..#{.#nV.].&.].u3X.xfv#.t]-.2.........._...p:.4xD..,...6n.......A3..Z...@...9=... .._>.V...b7].1c...Z..i';.p0.w..,.,.........x.D...y..gIt{.v.m... I.[...T..... ..f..f.....ZZ(.l.H....=,....@..!.;`@:}..../.#.<.T...l..._.].1f.f..g..UN.....BMa.n...(si.zx.S.LU.|3...>.......F...TM...'...w..A%u.:.OI.6..6"..=wI.w..5..C.'.........u.C.....2..6........?....,..f.....-..HT.....6Ea.X........f...c2A.T..|...,......Z.Jx...m...lboT...Wx.$7J.....Sx.p.\T....B.W..t&.eyw.._8......OHT..R.......N...0.0..... ..&~.I.C..t}.....p...,..[Wlx!.=].J<M.....Aw"R.....p...._.X..C...n4.U.....r[....^.t.... fS....m....U.G.....]o.......#........."..6.^}.......c..z...Hw.v...W...A..~jJ..u fq....#...FgP....lx(..t*..... ...r7g..G...S. .<s.QJ...S5..y3(p...y...0r"*.Uk...|...v.1.vd.X..jn."`.e...-".........;...S..%.......z..#.9O=BT.T}...(..O^....nU..w.t.....Y....0...@#..U.6.:.......H.......%...S..$-...c.W ....=J.....Z...S.}.......[.....u...8].Bo.g.,J.F.B..,.;.........n).E...uy.P/XC.@)c.m......#.=.# RT....7.
<<< skipped >>>
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 213
Content-Type: application/octet-stream
Host: hb.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...y....N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...P....^.>b&d..y.I.......GV......^.....y.wM.......NW..b..u|.......)).@...')&5.....
.
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 173
...y....N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(...1050123723.. 1deeea43e07fba973e9d83e58918d424...(..........K....Z..`..q`...BeY..=U.q2.....LHTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 173.....y....N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(...1050123723.. 1deeea43e07fba973e9d83e58918d424...(..........K....Z..`..q`...BeY..=U.q2.....L..
GET /pb/201610/f0282f7cf506b8807c78423d06a249d6.pb HTTP/1.1
Cache-Control: max-age=0
Connection: Keep-Alive
Accept: */*;
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6
User-Agent: Mozilla/5.0 (Windows; U; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Host: ibr5.bdstatic.com
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Fri, 03 Feb 2017 23:47:50 GMT
Content-Type: application/octet-stream
Content-Length: 1167
Connection: keep-alive
ETag: "580d6f35-48f"
Last-Modified: Mon, 24 Oct 2016 02:17:25 GMT
Expires: Wed, 22 Feb 2017 15:42:39 GMT
Age: 979495
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Ohc-Response-Time: 1 0 0 0 0 0
..... <div class="switchBox" data-show="1">. <div class="moduleBox php-module" data-position="2">. <div class="main">. <div class="title">...............</div>. <ul class="list">. <li class="item" data-type=""><span class="inputString">.....................</span></li><li class="item" data-type=""><span class="inputString">............5</span></li><li class="item" data-type=""><span class="inputString">.....................</span></li><li class="item" data-type=""><span class="inputString">............</span></li><li class="item" data-type=""><span class="inputString">.........</span></li><li class="item" data-type="tip"><span class="inputString">........................</span></li><li class="item" data-type=""><span class="inputString">..................</span></li><li class="item" data-type="tip"><span class="inputString">............</span></li><li class="item" data-type="tip"><span class="inputString">..................3</span></li>. </ul>. </div>. </div>. </div>..
<<< skipped >>>
GET /app/101/start_page HTTP/1.1
Host: redirect.mb.baidu.com
Connection: keep-alive
Accept: text/html,application/xhtml xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36 BaiduClient/3.1.200.2978
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
DNT: 1
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Fri, 03 Feb 2017 23:48:12 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: hXXps://cdnmbapi.baidu.com/api_res/apps/switch_pandora/index.html
<html>..<head><title>302 Found</title></head>..<body bgcolor="white">..<center><h1>302 Found</h1></center>..<hr><center>nginx</center>..</body>..</html>..HTTP/1.1 302 Moved Temporarily..Server: nginx..Date: Fri, 03 Feb 2017 23:48:12 GMT..Content-Type: text/html..Content-Length: 154..Connection: keep-alive..Location: hXXps://cdnmbapi.baidu.com/api_res/apps/switch_pandora/index.html..<html>..<head><title>302 Found</title></head>..<body bgcolor="white">..<center><h1>302 Found</h1></center>..<hr><center>nginx</center>..</body>..</html>....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 111
Content-Type: application/octet-stream
Host: dr.zc.baidu.com
Keep-Alive: timeout=600,max=1000
...C........" 1deeea43e07fba973e9d83e58918d424(.........2.
@.H.P.X.` ...... .uCM..Pr.....i..b...)..i)...!U...
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 95
...C........" 1deeea43e07fba973e9d83e58918d424(.........2.8.@.H.P.X.` ........uu....v.H.....c..HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 95.....C........" 1deeea43e07fba973e9d83e58918d424(.........2.8.@.H.P.X.` ........uu....v.H.....c....
GET /odin/201610/4f03c9f6263fa20679b486a9424243c8.7z HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: scloud-dlsw.br.baidu.com
Range: bytes=16908288-
Referer: hXXp://scloud-dlsw.br.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
HTTP/1.1 206 Partial Content
Date: Fri, 03 Feb 2017 23:47:51 GMT
Content-Type: application/x-7z-compressed
Content-Length: 15300361
Connection: keep-alive
Set-Cookie: __cfduid=d5e14fcd6bc380fd8bb02d3df76a34e3e1486165671; expires=Sat, 03-Feb-18 23:47:51 GMT; path=/; domain=.baidu.com; HttpOnly
Last-Modified: Wed, 26 Oct 2016 03:11:29 GMT
ETag: "58101ee1-1eb7709"
Expires: Fri, 22 Nov 2030 23:47:51 GMT
Cache-Control: public, max-age=435456000
CF-Cache-Status: HIT
Content-Range: bytes 16908288-32208648/32208649
Server: yunjiasu-nginx
CF-RAY: 32b9c539552159f0-VIE
6...29NO......}:.......f.........J..Au#j....D |...u.-.Z./..}P..m......1......F.....:.Qw..r..../x....O./-(.x.e....\m^!v| .!B....r[.b~8."..h.#),o.T3.y.(..JE.b.u]..V...-.%....b..........i..T......A.......G\7..R.....;.s.Qg..... ....f......4R...........O._.Cm...(.8...3.R9ij.....Q.32s.;GO.,K..K=..)....)q.lz..d.]#..&0.7......]h....V.9....#.d.7.....X.........I....Y..bI..'..I. &`..].~.W...O..e6.h[...Z7/...... >..T..k....(..I..`*..Z....'(.5~7......K. ....$.f....-..{p\r...cv.O.~_: ...r..............=o.wD.Ra.;.z..Y%x....)%.#..........Q.).......,v..`.....H({v..X..f..S^...<.....L.....=,_k.s..e.....).....Y. ;;.....z.9k.3f..0A.....;..Z.....yD.{...p5;[.l..`..!.-.(........g._......1.vvQk..q=..X.......g.ber)g.j.}.k..2?.M..Z...2.|..*......$\...H.=... ..fxo'z.......*A..T.....tl..Jq...~eC.O~.\Ndd..?x.].................I0..M0.s.U*....8.....T.~f.@.7.j<a.wC......o.2#~.c..c....v...@u.|.....<.8.!........-....4r2..F.F..i.s.Y.tr.......;Ud.Q_/..S#...^)G...K...2.....<,.....c........!Y9z.5..QOnj.U&.r&.........lj..d._^9.x......../.....p..N..........?*N%F..fT.........b5.....]a.........c=.7"D.nXN........:..../.l..x]..=..a&.......D.&.5m...zD@....[...C...2T".V.#....<.......V..N..k.T.#..h.[.@Z...u.z...4..=...(..3.n..opW.2..8g..a.\GU) n:.U...V........p.b(.|`..B%...%_M.....Y..t.~A.!:4kx..{S.)B^......k.R..F........y5......Q.)........B.'...~....#.H..s...N..A.......2.f.2.2..!..Z....xq......QT........&.-.....O..l._.|...D....l.....t<.M.d..I..;_v......(.54..j.iJm. f...3.......*...a6.l..w.v._..~.Z..rp. ......U[.`.p...........Q`E.:o..C.
<<< skipped >>>
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 189
Content-Type: application/octet-stream
Host: hb.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...y....N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...8...Y..95( 1...8.fN...
...T..%.t..V5.Y.;.}f...2e.../s....'
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 173
...y....N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(...1050123723.. 1deeea43e07fba973e9d83e58918d424...(..CG..zfD..y....N6.........~....U...h..Xh.HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 173.....y....N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(...1050123723.. 1deeea43e07fba973e9d83e58918d424...(..CG..zfD..y....N6.........~....U...h..Xh...
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 271
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...k........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.. 1deeea43e07fba973e9d83e58918d424.......Y..95( ..UW...b..u..].z.f..M...wR.l...]..W2'.V.'-..
..Q...A^..N.3;.:..Q?.O.<..i.J>...N..EU..R............. s.Q.......t..."........<:d8.p....Z..L./.[..
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 135
...k........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.. 1deeea43e07fba973e9d83e58918d424...........U.S.#.!-..Dt>....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 263
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...k........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.. 1deeea43e07fba973e9d83e58918d424........R*5......i.d.....;..>.D.g...M....;t......v.Y/...f.../Y.W...G..4..K$..=....I.%.(..0..b&.x....^.[I#.Q$..b...pz...6..C....... /....-..b....j.c.b.
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 135
...k........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.. 1deeea43e07fba973e9d83e58918d424........~.).w.....|..=HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 135.....k........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.. 1deeea43e07fba973e9d83e58918d424........~.).w.....|..=....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 207
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...k........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.. 1deeea43e07fba973e9d83e58918d424...X....v...1.<..e.H.|....).<.F.4fP.=.....Y...a(JHz.........R....i..;vHW....n.q..P..p..e|...
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 135
...k........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.. 1deeea43e07fba973e9d83e58918d424......H..$...L.....z....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 316
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....-.~..m...5d...y.r...X*....qLq.a....u..'G...^..#u....?...?g....)I......EQ......;.o...%H..U..........=...~..~r..;......!1S..V.6...r#.,.y.[....i%........z.(......,1H.Y.i.....jA.....B.A.
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 148
...x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....-.BY.2......../B.HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 148.....x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....-.BY.2......../B.....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 316
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....-....M.2..!...'..2....X ..lb<.r.Ry.-P...s.0O.Z..$.P.R.W..K...b.r...(...[6........Z(...UE.=.H?..Ka\.X.B.Y.0....!@S.Z6S[..%4.?8`....-n..D....}....LL..(.m..g...*rV.."kpK`/.%...?...H."....POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 316
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....-v51GDA....cVDB...HN..A..!:};....4.......QWU..&
?...Z.:.e>...k.j..<Q.....OK...d....V|Q3r`.#\..^...``.(..v.`z..d(.y...Vw.T..A.aJ...9....Q@..<"...iH.....6.9.$.SI..w...X.Z..y.D.<.,c..C^~POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 316
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....-`}.gc<.&...yV.l...j........g.B....q..N.5.......M.Ip;z...?%...}..Y..2....)...Cu..w}:....w.*....5..@....r...Tv.........P.E........D....>...c v..!9...P..V..7q..N1..yH.`......|V..2b#.O.>..
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 148
...x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....-Fl.......~.....lHTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 148.....x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....-..PRSR.....{3...HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 148.....x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....-..8.c[..... ....HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 148.....x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....-.......xt...M.....
GET /app/101/start_page HTTP/1.1
Host: redirect.mb.baidu.com
Connection: keep-alive
Accept: text/html,application/xhtml xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36 BaiduClient/3.1.200.2978
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
DNT: 1
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Fri, 03 Feb 2017 23:48:12 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: hXXps://cdnmbapi.baidu.com/api_res/apps/switch_pandora/index.html
<html>..<head><title>302 Found</title></head>..<body bgcolor="white">..<center><h1>302 Found</h1></center>..<hr><center>nginx</center>..</body>..</html>..HTTP/1.1 302 Moved Temporarily..Server: nginx..Date: Fri, 03 Feb 2017 23:48:12 GMT..Content-Type: text/html..Content-Length: 154..Connection: keep-alive..Location: hXXps://cdnmbapi.baidu.com/api_res/apps/switch_pandora/index.html..<html>..<head><title>302 Found</title></head>..<body bgcolor="white">..<center><h1>302 Found</h1></center>..<hr><center>nginx</center>..</body>..</html>....
GET /odin/201610/4f03c9f6263fa20679b486a9424243c8.7z HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: scloud-dlsw.br.baidu.com
Range: bytes=24510464-
Referer: hXXp://scloud-dlsw.br.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
HTTP/1.1 206 Partial Content
Date: Fri, 03 Feb 2017 23:47:51 GMT
Content-Type: application/x-7z-compressed
Content-Length: 7698185
Connection: keep-alive
Set-Cookie: __cfduid=d326756cb3aa809de7d0354c33b17a6f41486165671; expires=Sat, 03-Feb-18 23:47:51 GMT; path=/; domain=.baidu.com; HttpOnly
Last-Modified: Wed, 26 Oct 2016 03:11:29 GMT
ETag: "58101ee1-1eb7709"
Expires: Fri, 22 Nov 2030 23:47:51 GMT
Cache-Control: public, max-age=435456000
CF-Cache-Status: HIT
Content-Range: bytes 24510464-32208648/32208649
Server: yunjiasu-nginx
CF-RAY: 32b9c539663e598a-VIE
?.w.3D....)OuD.|.....kQz\MW.....I.I.?/.x.....j..m\No.xw".z.3..D".-.....II...5@.5.N.;P..&.u...D-.....n'....x@rKS.0.u.q.....^oS..........%...qpm.....#..[.N|.eu./P.....X.;.s..s$..Q%..iW ...4).2i9~. ..~_.................p.lO.s*F .....$.y....^.C.g1....;Ea...p...\.L|9.h.>l.6..m..r.N..>.~...=.>k....b.`AH........r!....%@.....[.._.fJ.....gi........~.....gM....]*~...E..f.b..>.......f.u.....y.`.....7.........B....qU..M.#.5g...J....g.$[H.x.&..w..f..`....TZ......%.`*.36b..u.....&:.9m.6..G4h..*R#`.*.'.....k_&3.[..>5_lt-...._..X...$h.^/..0....u9.Hw..G.....7.\@=m......~.&)..../.D3..c_A....Q..D..~..5.:.x.. ...4.......50.....#.# }.....@..'G.....5..k*/.".[H..C.M.#.5\1.(.'d....P4?..q&....XK.H ..R.....S..9s.z.0...e2X..yY..2$.I...B....;R*..H.....G=.....y.Dd..E0.[...Z"..Y/ 9.......yG.{..1.t..B........p...&..e.YA.....B[..K.Uew..p.....3r.A-M...,k%......G..n.B.@..@S.wE}...0..}....@;....}.|...........R#..f.........&Y....4.*........7I]Yad..S[..f.=....ve..5...!u!X..........DyC.:..9.y....#( ..6kp.cz|..l..c...........Y...&u..wZ@...N}...LN.7....}..a....O...x......l.Q.q .........~.i.....:....4.z($.......(......]....70H.M{:M.v.CV.....7?bG\.....O..ID..... ?.A.fsf.(s......;0E.......5z..K~AZ3...6.....r..9..f....[...d/.n..I<h_.]...2V.Ks..T..(,.;.H$.x.*..........n.G.h2'9~.q........... ....=*.'}.1/..."..H.xmK<.......... G...J.....'.Q.........._h...7*tv.&....^e..!-.@x..i..p.;..t..X(/*......C.._...9q..H2h..q..'X.r.....5.7o..'.._zU;.Mu....i...&Y$..2za.<.@..`..'ay.v@.<bG....*.d.6{)..R; .u.._..T .6,.:vG.....3...-K..a. .U ..1.[..
<<< skipped >>>
GET /odin/201607/0260783600ae78ce0dbeabf59a8d873c.xml HTTP/1.1
Cache-Control: max-age=0
Connection: Keep-Alive
Accept: */*;
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6
User-Agent: Mozilla/5.0 (Windows; U; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Host: scloud-dlsw.br.baidu.com
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2017 23:47:50 GMT
Content-Type: text/xml
Content-Length: 5643
Connection: keep-alive
Set-Cookie: __cfduid=d6b66e536b4730f49884bc370f0421aec1486165670; expires=Sat, 03-Feb-18 23:47:50 GMT; path=/; domain=.baidu.com; HttpOnly
Last-Modified: Mon, 18 Jul 2016 05:00:05 GMT
ETag: "578c6255-160b"
Expires: Sun, 19 Jan 2020 23:47:50 GMT
Cache-Control: public, max-age=93312000
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: yunjiasu-nginx
CF-RAY: 32b9c532b6d659fc-VIE
<?xml version="1.0" encoding="UTF-8"?>.<Rules Version="1.0">. <Rule CoreEvent="0" URL="(.*)www\.baidu\.com/(.*)" Referer="(.*)" StartTime="0" EndTime="0" CCType="3" CoreType="0">. <![CDATA[. !function(){var n=window.bdc||(window.bdc={}),e="lapuda_api_hub_v2",t="2.0.0";n.version=t;var r=function(){return function(n,e){for(var t=0;t<n.length&&e.call(n[t],n[t],t,n)!==!1;t );}}(),a=function(n){return Object.prototype.toString.call(n).match(/(\w )\]/)[1].toLowerCase()},i=function(){},o=function(n){n=n||{};for(var e,t=[].slice.call(arguments,1),r=0,a=t.length;a>r;r ){e=t[r];for(var i in e)n[i]=e[i]}return n};n.external=o(n.external,function(){var t="_BDC_CALLBACK_" (Math.random() "").slice(2),r={};window[t]=function(n,e){var t=r[n];return t&&t(a(e||"")),n};var a=function(n){var e={error:-999999,msg:"response data cannot be serialized as an object",body:{origin:n}};try{e=JSON.parse(n)}catch(t){}return e};return{send:function(n,e,a){var i=arguments,o=0;return 1==i.length?(o=n,n=""):o=window.external.GetNextReqID(),e&&(e=JSON.stringify(e)),a&&(r[o]=a),o=o||"",n=n||"",e=e||"[]",window.external.StartRequest(o,n,t,e,""),o},appSend:function(t,r,a){return n.external.send(e,{app_id:n.app.getId(),api_str:t,args:r},function(n){a&&a(n)})},appListener:function(t,r,a){r=r||{};var i="." (r.operation||r.operator||"add") "Listener";return n.external.send(e i,{app_id:n.app.getId(),api_str:t,args:r},function(n){a&&a(n)})}}}()),n.app=o(n.app,function(){var e=null;return{init:function(n){
<<< skipped >>>
GET /odin/201612/7e805ee4cc4b619e45512c018c9f1e75.dll HTTP/1.1
Host: scloud-dlsw.br.baidu.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0
<<< skipped >>>
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 293
Content-Type: application/octet-stream
Host: hb.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...y....N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.
1050123723.. 1deeea43e07fba973e9d83e58918d424......D)..-...J.o<.`...V........o.W.....g...i4S.4.X]Tro...8 ....\....o.*.W....EHbb..c.y5@..=m...A....8..Q...7.;...9Kk..$...B
..a......!.....N-..]!|.._.E.w@Z..R...POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 197
Content-Type: application/octet-stream
Host: hb.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...y....N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...@..^r..
v..n...IO.z.J..i\....N..#.B.. .ec..Gk.J.QP.'.....X@L.mH..POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 181
Content-Type: application/octet-stream
Host: hb.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...y....N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...0..&w"..x..z..8A..3.,..\A1..x.
C|....W.M....;,u...POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 309
Content-Type: application/octet-stream
Host: hb.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...y....N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.
1050123723.. 1deeea43e07fba973e9d83e58918d424......bx...N..=.2 }Q..K#.NK"....8..Z....D...!..Q......}*E...:.>..0.P.....V.........j.s.E
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 277
...y....N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(...1050123723.. 1deeea43e07fba973e9d83e58918d424.......#.c..6?...H#....p\....i.vo..dm.B./.....yN&..].M.C.......B%X1.X..."-...1.h........lW..........I?@..mF.p.V\.....sc./'..A}.>.p...9tNM..{......C...HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 173.....y....N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(...1050123723.. 1deeea43e07fba973e9d83e58918d424...(...A....5....-..;8=....&t..a[.../.A..U....HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 293.....y....N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(...1050123723.. 1deeea43e07fba973e9d83e58918d424.............@\.R........{...L/..pq.4].....h.,..yk<.....bsl..Ed.).....ZF..>..m......4.C.`w.X....G.KS.,..'.}....Ws.k..P .2..... ....L.^?r....q.?...../pm.K}.%.....ce.Q.HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 173.....y....N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(...1050123723.. 1deeea43e07fba973e9d83e58918d424...(....8e.sI.6...-..u....."......#.P....O....HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 173.....y....N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(...1050123723.. 1deeea43e07f
<<< skipped >>>
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 195
Content-Type: application/octet-stream
Host: hb.mb.baidu.com
Keep-Alive: timeout=600,max=1000
........N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...8... ..3.}_.. 6.u..q..s.[.xd']]S......_G.z.h.B.)......Kb...POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 195
Content-Type: application/octet-stream
Host: hb.mb.baidu.com
Keep-Alive: timeout=600,max=1000
........N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...8...:?\.:.......E.U[......x MA..~..K...l8......w21.b..K...|POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 195
Content-Type: application/octet-stream
Host: hb.mb.baidu.com
Keep-Alive: timeout=600,max=1000
........N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...8...O..q......R.L.B..........jJ...F..,%....V...z.....uU..].POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 195
Content-Type: application/octet-stream
Host: hb.mb.baidu.com
Keep-Alive: timeout=600,max=1000
........N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...8.....G...r\...T=tG..Rs.V.D."VB>....[.Bp.B..i.p..F.......!.POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 195
Content-Type: application/octet-stream
Host: h
<<< skipped >>>
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 211
Content-Type: application/octet-stream
Host: hb.mb.baidu.com
Keep-Alive: timeout=600,max=1000
........N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...H......$'f8
....T.a.&e...u .'rx...u.@...&.j......;'c.../\...Ig..OA[..=./.
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 179
........N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424...(..Kqb.......D.(!?ak.lW0j.R.B.YF.....7U_Mj.....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 915
Content-Type: application/octet-stream
Host: hb.mb.baidu.com
Keep-Alive: timeout=600,max=1000
........N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.......#..^M.^)M....
&.h.|....P.K%..$..4.{.Llq.%.t...h.....7. ...9..S.^.:..J....z...T..OF....*.?.#.(.ye.A..o......2c.E...!.....,#.IT../.Qk....].3{*.0.6(/.zs............>%.TV.;.......q.A.U0.....=."...*p..[O..J?A49..M....k...X...^h...u&w....l..r.,IU............$....?...>r../...e|..B............&..?..`.4..X..U.-......:.uy........n.>..(....7)..3e..w..Z$T6D....,....H..EZ....(............:o..
..3LVC.hf.".'....Q.L\b2.J..;}.L@y2@.....CCvwi...p.$...Jz...=u^..fg..mh...........?.C..5.b.....P5S.#...7).h......../|.wL.t/..f..3h.B..wH......W.7..y.J...%.3:....b66j?`.vp.5...n..&.v.k.v5.....T...c.>.e4.BB.9...-...s..uvr.Z.M>..X;.r(6...Mg.....-.}K.s..v.;.2.^s.V/..vl=$ww..O%k3}p..".....|&..........HU..[...Rh8?...j..6.,0".WS|.\3n.....-.*]..;.._n...ik.m^......7t./....i:.3.....}1'...6.z..
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 195
........N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424...8.....w..../[S....../....._..MlM...\.6_FoI.E...v.43.....'k/..
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 332
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.
1050123723.. 1deeea43e07fba973e9d83e58918d424......h...C}.K....D......~-..C..n........'0.}u...K.......{j..H|.x.d.t.`;..........xe.1.7..YRfB..-..${W*C..\.$.h>......^..a..cr...|.o.........d.e.f....8......X.^._[9.....Q#...N.h.....?.U...l9J.....W.....[..
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 148
...x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(...1050123723.. 1deeea43e07fba973e9d83e58918d424......G.v...0....7.~7MHTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 148.....x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(...1050123723.. 1deeea43e07fba973e9d83e58918d424......G.v...0....7.~7M..
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 252
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...x.....{j.JM.N....*.x. .?]......?.9.^ .....He.A.6!)3j\./t.....o..E.J....K..*R......WF..........Ot!..V.....).;R..0;.........
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 148
...x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(...1050123723.. 1deeea43e07fba973e9d83e58918d424......S.....?...G.p.......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 266
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....,t9.E...`.$^A.....}-oZ......sp.h....M.:.|'.$.h.t.)K.. ...o.M.W.ZA=`.G..k../W....!......Gof..&-Ir..^.bN..^...g.0....s........]..ll
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....,......-.......&.....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 330
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424......eUOK.q.t=.......[z.C......^)......~K..t.G........t"....0..\.S..i......D...Bh..(.....jS..iE.d.EQ ....m..A..8.........R.!S...m.]../h.C_..B}N^i>......J./.|`;6..|.#..h#u.9v..zF.X*\'.........]x..j
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424........f. 7X...._^ ......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 258
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...x....e.GS..7.q.....k@.y!L1m...{.....O2...c.aI4.2'.2K...;....P.8....Y&nPL.../....3mww..k...m..`.I..U$1...lg.....b.z...a..J..
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424......b<.H....^..}NG>F....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 258
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...x...%h.6..M..Ww..z.1...*".28M....-.A$;......[S..e..&||..Tu|\.'..9.,...T.o.z......J.z7..Lz..h4%..8C|:.i..7.?8'3_NbI.....;*=
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424........IY....u.K..Ls.....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 306
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424........).........Y~.4V..J..@g.-..}{....D.O%N...s\.-|..).}.v8..W.......y~....p-.....d%.%.[.P^..:; ......".......&0..uT..r9U/.....^*....=.g|...y`.=.......#...S..e/...U...3a
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424......'.`..R..^..$........
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 290
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....2...v.G.aE?x;52.~.dc. ...#...4/..m.o4..Y.H....R.7R..z.539....z........v*.&`,...<..7.4.<..<.8.....t.T.-..".`Q;....5..1M..#.....K.mx.....;.......NGc....E3
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2\9..~..,............
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 306
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....2..E............ .-...k?.E..v.....]......K.......<.k.....wTb.s..j.~....x.....)K.N5!......y,.W$..[.....(.Ro...7..
w\.&..9 "...........z.....9Ap..y.!
.{>.?...Jo.Z.|.z.
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2.T1..i2.v ..........
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 274
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~......
" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424......:.. .Qt.................5h...
~..W...Ms..c.....[c.. Pw...p../.*.......W*(|.....M@.... .....e(......3.|.`<Q].H..1.sMH.5.iU.[..(S..T.O...POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 290
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....2.~]...p.*;....#..Aa.l.D...x..'..D#..9#.Se.".vdj....../.ZG..._.......
.?M..... ..#.HLV.. ...I'..i[.fA.%:.SK?~,^M.g.er:.\.]...O(......3.......&2-Y..d.:G
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2..,t.G..`...2S......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 290
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....2..to....V............W{.DG%?.{...R.r:g=...N..-73...........$..Gg....G.WL.!a%/..Y..D.D=.6.....]..Z.B..t8a8..6.%.z^....S.{.4A .....3...:NKeN..|v.2H.:.s..
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2....YCc.w0..,fY8....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 290
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....2..O..w..t...Km.O.v.4r.d..u..bG.Q.b"!. ......,.....g.........9...S......d.qa.{.....4y....K...!%...G........Y...u.\...w....
.................u.........POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 290
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....2 .....>.....jQ.6&..M.u..>.0..F....6...HR..b.~..2.T....,....p..2..V..AG...U...zdz2un......Y....y...k..@>..A.]...k......=....~.U...*..e...h...~.s$.c.jka.POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 298
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....2E....0........QY...<~.dr;...gdB.......y....\.]..."...bF
&>h .....@.}.R..`...
.s(....5~, ...p-\.ER_.....T...C.........i&.T..s&~...u..ye._........u.. .t..zD..
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2...Zw#...dT.)...HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 154.....~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2.b..?......Im...HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 154.....~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2$.T(....6Q[...s.HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 154.....~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2P...X,........U ..
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 312
Content-Type: application/octet-stream
Host: cr.zc.baidu.com
Keep-Alive: timeout=600,max=1000
...D....N...." 1deeea43e07fba973e9d83e58918d424(.........2.
@.H.P.X.` .......(=O...Z..j...bcv..V..%.m..4.>.p..W.A...;...T&........A%..{....._.X..O..|.....?..H...<.8X@.3...T V..h@.Giv.aP.WB.i.o.c8"Fu. u.r'.....j[.........o...~Q....ZR..E.........xi57.|v...*.#I....Uo...Q.....3. .t .%..,....;.....Q:...u.. ._..[
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 1680
...D....N...." 1deeea43e07fba973e9d83e58918d424(.........2.8.@.H.P.X.` ......@(=.h.L..yJ.&|n.>.....H.2..T.j~...s......n.[.).sd..]y..x.. ,......l.M...X.U...5..|W ..?.1...n.....z.;{U...xo))l.(.s...>..jn....rJ.........~.7.L....qn...0 vD.;4Mr@7...D...._(}TZ,."......... .0.g...Qa6....a.K...Py.;..W-TT1.....,....Pc.yFJ......3...F.......qf..<=....c...............;..m....P.........D.l......l'..J..A..^r..".. .....D99.i.j..{..T...[Z..;..N.i.!.Y........*..e...D"5..........W.!..5}4X...e..........Q...g..C.....a.}.:.'. ..m....=..t.?..b.o...n.zP'....};.M....H..b..G./......i..X'.E,xSr...}v.#.....>...B._....)...v...}_....cLS>..b.......d.....{.\...S.4.i....(...u.....#...T:?...[K<...; .........J"#!`...G...Z1D...Ia=w.E.Z...[.d..-G5.;........U.4...'..U.7.v..^....K..9T2-w_.......=x..e.K<...]..Am.A.3.es.>...Qk)G.....k!.......4...i....T. sJ.(s.L@2..$QL.NmmL...y..I._..UKOEC.k....Z..0M....wp...V...........iD.Brx.......g...J.....{TPI.........]:..r..ZH.p..d.....&..G..t^.p..m.[.i..S.S...|.eHF.."V....a"fX.r....r... .{.R.,...==YcP.....c6Y..,.(;}..Q...A...!r.-.c..Y.T7....Ni..OJ.~b...P.jx........?(:.X.R..0....apA..H.~.W&a..ad...>.QC.h:...CQ.|.V.....0..(fS.....p....".....6....cV..W...^`.d....T..`.O..?..v...0.t..|.-"..v......I..cb....x. C9.b.>.Y.... ...k=..V<r.URPk!Q...g...'..=...=...K...z.v.Q....pW9..c.p1...l.......^.JrYC..r..Qr....A|7.dQu..w..O.2(0..c.".|*d2|O..b...........B$.......I.Q ....Y...X.......v..g....0..9q..u\d...,^..6i....m...?..d..Vbf.Y.m.|...R..@......Z[BY.....m.o ......6U....]m...S....../W.......e,.
<<< skipped >>>
GET /odin/201610/4f03c9f6263fa20679b486a9424243c8.7z HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: scloud-dlsw.br.baidu.com
Range: bytes=9175040-
Referer: hXXp://scloud-dlsw.br.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
HTTP/1.1 206 Partial Content
Date: Fri, 03 Feb 2017 23:47:51 GMT
Content-Type: application/x-7z-compressed
Content-Length: 23033609
Connection: keep-alive
Set-Cookie: __cfduid=d0d6b9c009fd02bf68e3234fc4393daf21486165671; expires=Sat, 03-Feb-18 23:47:51 GMT; path=/; domain=.baidu.com; HttpOnly
Last-Modified: Wed, 26 Oct 2016 03:11:29 GMT
ETag: "58101ee1-1eb7709"
Expires: Fri, 22 Nov 2030 23:47:51 GMT
Cache-Control: public, max-age=435456000
CF-Cache-Status: HIT
Content-Range: bytes 9175040-32208648/32208649
Server: yunjiasu-nginx
CF-RAY: 32b9c539613c593c-VIE
j.%...G.....NC.vH%q...A.lE.1..&{..y.%{o......B.......'Fr .k...u...;...c.....X.~paH.../.p...B0.J..>...[../..... .Y.{.8.T2.............w..FI....,j.\......G{HY..~..,..W..M...XIZ3............AF)V...c.gy.~..j..Y.je..u.h..D.2.s.V..-r..ks.... .......S..5.C?..N..K...9...F..1..F..X..|..\3oj.x3A...}X.'D....W}{..I@.4...:^..u...3.p......(..J....R....>...k#.tH.............w....lq..=..QS...6......R..$..6.5T..v.....I`]......r..D..38...!.....I.....t......r...iG.... "..?.3.....?&.u.`..H??.`.=.( |.....a-.@.......|H.....<:.=.bi...P...v......l..gn..L..........Y.r........6.....j..x...m ...h|.......[X...2._..UB.R.....Sd.E..&..t..G.;..o.Z..N_....d...o@F...eZ.i.i:.h.....QkJC..r.'x.x.LzD.Q....C..=.......u..7...h.......Z..Yp......uG..b....w....YdD..>(.......}....K..[.W.w.........HReL;k..a.FAi..o..*$W..Y./.M......-.E..c....C=X......;.xF.Q...a .pd...E6E..].....~....x..H!..Y..]M......Nsg..{8..nU.E.......|..BP....S..`V.j...c.W.....J..T..pM..m..A.M....Qd.......?../.e.=..;..\.a. .>.\`X.t......0G.`.m.....#&..P...._ .GK....3.c..=.t.P........Yw<R .....,...".:w.....[........(......d...%....D"/....z.!p&.-y...9..................|...Z..~....O.7..M.;....w...p..pri.>....?...W.ve..C.A..].o.a....ke[.j.^.....{-....}.:>0.^X.P[./.M......t..pw.....3.2..UD.%.N.._....]...o.$..i...].......?..-'.').\.....=.......y.P".R/.'..<.%...}u..Q.3.....Q .....O5........O<(....a..V.........X...X.......[ ..q.i..1.L-.y?.i.....n.Aj.......3.\....l..K..D...5....*7..l....ZM.........{).T..l.*...,.,0..w..2D...<j.t.ox1.T..............HY#.7{......h.\*
<<< skipped >>>
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 308
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....5...J[@j.R_..{... [.\..s..%.Jucr|.n.\........Km.!m..D._.ZV..T.#P...].!..3W..
..i\..e.....|..^v....9...F.t ...~.s...m\.E..&.~2...e.I......@.u...........h..PK.z...D..n..@.. I...
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 148
...x........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ..(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....5..bN1.E..Vt.......
GET /odin/201610/4f03c9f6263fa20679b486a9424243c8.7z HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: scloud-dlsw.br.baidu.com
Range: bytes=10354688-
Referer: hXXp://scloud-dlsw.br.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
HTTP/1.1 206 Partial Content
Date: Fri, 03 Feb 2017 23:47:53 GMT
Content-Type: application/x-7z-compressed
Content-Length: 21853961
Connection: keep-alive
Set-Cookie: __cfduid=d73cf911ae1acdd764accf3120a5f06ea1486165673; expires=Sat, 03-Feb-18 23:47:53 GMT; path=/; domain=.baidu.com; HttpOnly
Last-Modified: Wed, 26 Oct 2016 03:11:29 GMT
ETag: "58101ee1-1eb7709"
Expires: Fri, 22 Nov 2030 23:47:53 GMT
Cache-Control: public, max-age=435456000
CF-Cache-Status: HIT
Content-Range: bytes 10354688-32208648/32208649
Server: yunjiasu-nginx
CF-RAY: 32b9c5403016595a-VIE
..X..3'...E.r..oo.t9.....G-.........(E.&....J.DfC.......sL..R}6...v....1(..1e..H.........>.O.Mt..N..X.&...qn..B...w.X..L..7.PN.....@}.~.P.>I.o.s..,.........gO..p...5n^..P...?.7...r.m.E`..'&...x/..F.Cu...U..\........7.d^<....b..v....\....H&U..H.E.6..#..;...#...q..iV.......FY....,Q.$...K.\Z....e`j..r&.Z...0.I.Ha.g......98...K:..v.[V,...../..d|.M......8.jr..g.#...."[.=.....;..<......C>...w..>F.l......`.1].[.D.En....x7..u..........2..}|...r..U.L..u......_.q.1...P.,..v#1......i...Z>............l.5..w..........;.]}D...<..5.U.Ip...K...T....-9T.!.#....,......Z*..P...Y$....7.l;]e.[....&9......|.%..........d:O.c.A.3.G.....coa........%.....:J..X.0G...i..U..A&.t{3P..jT.H......jd....M....=..B`V.F.QE.U"*D...j...~...~. ...G..e43._...=3.&|Kx.x...&..J.._...J;..i2K . .>j....v.t`*x(........!..lY*....5uVo.{`...P..fs@.].-.=F<.P..|oD.VP..'..>...cN)...K.|B...1Q..XA.N..D....U~.@5.B0.}...V......"U..Tc1.6..R4.;......T..X..@...c.3..&.....g..z..g_....M,.....gK.........K!.x..gc...........M.h}.l.H&.a.7|.....q.~./#.r....{ ........*).......:hi.B[Du.%-C...k.<U#...3.;.-.k!........`.....l.............0t@|La.TW..I..S..^ ..Wq.R....A...t`.nYM]..|I..$.<H.a..?..........u....83_....*K.9../.I.....4P7.....]%D...g.0`!.:.............{..A9..*...\;...|<..*.......:D..^".sz".WY.s;..-6.o.b.oa.K5.......SCL..j...."'...W.eKf.Q\.}.?Y...S..X~..ro.......b..%....{.M R.vL(5k=V.......Z..g3^B.u.\..H.&x.6c.ds`...t...Bo.....".Q.....N..Z..A..*.|.......S....G.(.V.....9...iX..*.$....6N...i...XD..s...u.....0...8.x.....r.....{..5..=..|
<<< skipped >>>
GET /odin/201504/38012d1ec93b2df99434b63e6dd4c6ae.e HTTP/1.1
Cache-Control: max-age=0
Connection: Keep-Alive
Accept: */*;
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6
User-Agent: Mozilla/5.0 (Windows; U; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Host: dlsw.br.baidu.com
<<< skipped >>>
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 159
Content-Type: application/octet-stream
Host: dr.zc.baidu.com
Keep-Alive: timeout=600,max=1000
...C........" 1deeea43e07fba973e9d83e58918d424(.........2.
@.H.P.X.` ......P8.s......l..V.U.8.e1...{...U....h...`.CW..^u..G.(?M.:.j/..:Ae...^NO$.!8{a....#.
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 95
...C........" 1deeea43e07fba973e9d83e58918d424(.........2.8.@.H.P.X.` ........8R.[,|...`%.2.c/.....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 271
Content-Type: application/octet-stream
Host: dr.zc.baidu.com
Keep-Alive: timeout=600,max=1000
...C........" 1deeea43e07fba973e9d83e58918d424(.........2.
@.H.P.X.` .......3.........&..g......O.m.I....E..H9.....x..dD..nf.*.h...3.pp.xph....2.........2..{.....M$ ..A....V....)...g....M.Cr.rr....I.Q.I.D......._!.....1.z.....1T.E4jD.AK.......l......]f..u.)P...,$2....
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 95
...C........" 1deeea43e07fba973e9d83e58918d424(.........2.8.@.H.P.X.` ........3...Tq.."$@&.....HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 95.....C........" 1deeea43e07fba973e9d83e58918d424(.........2.8.@.H.P.X.` ........3...Tq.."$@&.......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 239
Content-Type: application/octet-stream
Host: dr.zc.baidu.com
Keep-Alive: timeout=600,max=1000
...C........" 1deeea43e07fba973e9d83e58918d424(.........2.
@.H.P.X.` ........qt&.......0......r..r.'93..I1Z.K...Z.
.p..)I.\.....e#...h...2....v...T..-l...V..d..ud....
......a.0.v.. ....Yl".V../=-.B8..VPy...c1$7....yv.?&"x*.....t@v.....
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 95
...C........" 1deeea43e07fba973e9d83e58918d424(.........2.8.@.H.P.X.` ........q..<.{(..V.....y.HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 95.....C........" 1deeea43e07fba973e9d83e58918d424(.........2.8.@.H.P.X.` ........q..<.{(..V.....y...
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 167
Content-Type: application/octet-stream
Host: location.br.baidu.com
Keep-Alive: timeout=600,max=1000
...S....N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` .
1050123723...H..!..!&.....D..
.....;....p...m.\....?.9<....7...${.....zG.K....V.8..8Q.~
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 239
...S....N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ...1050123723.......4......qq'......v..V....?;.J.........b.R.....s...X,..&)J....D.j3:..l...?..7...yh.$k..N.0S....o.f.....4..,.o.....U....t.[.....s.[...~1P..m.<...A....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 231
Content-Type: application/octet-stream
Host: location.br.baidu.com
Keep-Alive: timeout=600,max=1000
...S....N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` .
1050123723......3..d. l..H..F.....<K.',s....L^$Z.'7..C.>g.<.=..V.er..F..p.!..i....tr.h..;.S...!.|....1w.7D.$.m.(:...<.!.s.m..y0..8.....Q........z]..8.
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 127
...S....N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ...1050123723... ....j5<..v.Uz...Wb.S.............(HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 127.....S....N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` ...1050123723... ....j5<..v.Uz...Wb.S.............(..
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 211
Content-Type: application/octet-stream
Host: hb.mb.baidu.com
Keep-Alive: timeout=600,max=1000
........N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...H..^...^..2..")g...C.....M..6.1)......{..G[.J-........g.y.......E........zAPOST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 211
Content-Type: application/octet-stream
Host: hb.mb.baidu.com
Keep-Alive: timeout=600,max=1000
........N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...H..)6......d..Q...u...E~....(.........Fo.O...C.4#.'......a^j.9=.Oi...y...=b
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 291
........N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.......>.!X/E.H._.t..p.N..UM..B.....Y..h....\M...VM..v..c../B.{D,F.".H=.K..^f.........E.U.O@...p...Ug....2..F.m.%....C.RK....)....!...........8 F.P$...K*...2.HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 291..........N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.......>.!X/E.H._.t..p.N..UM..B.....Y..h....\M...VM..v..c../B.{D,F.".H=.K..^f.........E.U.O@...p...Ug....2..F.m.%....C.RK....)....!...........8 F.P$...K*...2.HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 243..........N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424...h.....OOK.../x...L...z...../:..o..I..I...KV...[..Ra.S{\......L.....b..%B|3....v.......o..C......b.n#m..'...HTTP/1.1 200 OK..Content-Type: application/octet-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Length: 243..........N...." 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424...h.....OOK.../x...L...z...../:..o..I..I...KV...[..Ra.S{\......L.....b..%B|3....v.......o..C......b.n#m..'.....
<<< skipped >>>
GET /odin/201610/4f03c9f6263fa20679b486a9424243c8.7z HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: scloud-dlsw.br.baidu.com
Referer: hXXp://scloud-dlsw.br.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2017 23:47:50 GMT
Content-Type: application/x-7z-compressed
Content-Length: 32208649
Connection: keep-alive
Set-Cookie: __cfduid=dbd74255ea419ee2e733cd2e95dd245701486165670; expires=Sat, 03-Feb-18 23:47:50 GMT; path=/; domain=.baidu.com; HttpOnly
Last-Modified: Wed, 26 Oct 2016 03:11:29 GMT
ETag: "58101ee1-1eb7709"
Expires: Fri, 22 Nov 2030 23:47:50 GMT
Cache-Control: public, max-age=435456000
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: yunjiasu-nginx
CF-RAY: 32b9c53162885a14-VIE
7z..'......S.v......%........3.K.j...]...6...&|u..R.t....:%..8*....3{BIA......c.%.f....1."..N.=...G...k$W6`.\..tKHgj..9.i..[.A.~B.5..q.....N .x...h|<`.p?..oY.....A...E......#=$...#.......; "u.i..........XF.tVqPV....W^..:.... J.&B......KP..K....g...sV.H9UH..vB..;8 ...'.G..q...F.L.T.#....T....!.O."g...k.....j.P.&HU.Y..*.%....C lY......c.&.......X..u.r.Z.T...@.b).......l...70....2,/...1..r.p.x./T8_.?,p....!....|d..Z.x..e..pb.......y...X....up8|4..h.)XX=..%E.gw ....j..t...s.....p:..%{V4.!5..Pw..NzgoU.,..f.....g...`..M z....;..S.L.`p.....0.#s.SsTH?VA?BwqW....71.1...Z{x|i..._... ......m..0..:PF.1v.,d..dg|.D.......F.2....GK.......#%$.W.........s...^.#`...b..........>B}.......:7...Z.N=..Y..w.}(B.{.."......!....&.*..>. ..V8.^wN.6...Pa.B..A"....f./v%...`.A'.0.UD.].k/..$..H..a.......q.....K....i........ADre.4..=.......>&.cp;....d......A...[...DXy0..Ih.X%9@.U?.Q...$..m.&...8.......tR..!..... ....z.8MC .....4..7k.1.A$..^./Gy.>..L'..>b.E..M...hh.........oO..C.Z?..G.l _...(=O.:......r.....;>&..3.4..e..WO.....h~.^L IR7...Hv.@./...*.....\.T.1.........SF..*|Ac...H..kwg...AY.N.R.R...`G..E...2o.&@DwB......mh...mS.._.Obd.DKB.g&l.T......'...Jb.X....Ik'..R....v[a..}..).;.r.y...^.....=..k..].,O...X@..M...u.j..d ......K..|..].ch{K..'O.v1.......acM4|.p..M...`t.=.......1AU ...I..q...^.....g..g..QS...}.l..w........cbr....S.tw..d!...U..y.l.V..f..gl.T;..5..EH.S_xz....\..4.....@u.......u..G...h.~x.....J'....c..N* .M.n.V..atu1....\a.....,TBmjU..a..0.o?...vA.H.|....-<0.z....B.M.....b:.....p..F..&...........=..bQn..3..
<<< skipped >>>
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 314
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~.......%" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....,...G.~...<4c..U......k....&m.......N.u..l...5...u.Ph.........^....!..U......H..j..ONlxa..w
_..6Vr...m....Z..........&u....^RR......1AT&H..._.#.]Te~.p=.:\.r9....P...f.....6..5
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~.......%" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....,0`f.ik.......gz.....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 290
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~.......&" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424.....2.BC.....W= $|^g..I"ww...d..5c....;>-......t.!.Pp...z;L...y...s..8,.1:.:.z............h5nA..%........z0.........`=.vuU.....R.P........uXO._.)N.......
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~.......&" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424.....2...mtX..............
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 282
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~.......'" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...../....6....G..duN......m...\@...........}.. ....
.."<......
......|2[.t.M......... [.{L.l.kj..MVB..&r.y..T.....G ..._...%......p...~..1..!.Y..<
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~.......'" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424...../.H....?RD....B.>....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 282
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~.......(" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...../.3.!o8..E)..Z.:..4K.Q....*.....3..K..4...M.{s.A...9|..(A...Rv.tO8.x.0.....o.JG.ip...@0c.vZ..WG.m..s../L...........[.;k..3...9.....O.nV.R.3...?.
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~.......(" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424...../...M?Rwy ./.@.......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 282
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~.......)" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...../..Q(.......!S...y.,r\K_S>.`...U.<.J`.{.G.`82.......V]..b5..}T........@.F..8r.H/3!?OS.=2........."R.#.....D).... ......rW...S.^....hx.:...q...J..
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~.......)" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424...../....iT.:...G..8p....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 282
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~.......*" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...../..*!.G".X!m]..`.0.....4w.o.j...........{..}..._..._D.&~v.s.Wl,..3\...4...0.l.@7$'S.Gq.3.P...$..8/..h.o.7....X.H`......M......MTU...Vy.9..cI.*p.
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~.......*" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424...../..Q%&.z....8.B.d....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 282
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~....... " 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...../......@D............M..7..d..e.....9..)~.'l....~........8e.......hQ.D.`<.....C....wLw.dJ.....?*....W.&.. '.[....|.Ut..k.WO.j..r_....].k..zk.k...
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~....... " 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424...../@..p*.....{...yN....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 282
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~.......," 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...../l..W.8...2N.0w........Kzd....0.c.g..>..^.q..7[..........6.....I.}p...D....J".o1..<....(-..&.(o.Crn......#..G..WP. ........|.;.4?z2...[^..'LI...
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~.......," 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424...../..H......u.u.e......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 282
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~.......-" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...../.:.... ...y?....@.#.G.Gt>_eT....O..8.G......e...t.t*.c.?40...b.........0wu$@..V.dT..>.@>._.#\..k.f..\..q..QX~....".J..G.?.B=...GTwfw.......Hr}
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~.......-" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424...../...9Am.S2p...`_.....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 282
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~........" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...../...R.E.D.`.....:.3y. i ..1...-...B...........4:@y....u.5..q.....[..z.L.S..(.w.y.Qt.s..%..S.........{..%..,.s........|...*n....q.Jeq..../].bpc..M
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~......./" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424...../._....C.?.g>.().....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 282
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~.......0" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...../w<...6....$\....\L.Z.>].[.K.[....,.....Y.M=.F$a.=h..'*Z...T7.n..|n..8.*9.l....G.jG.Y= .s...1...K.......Z.i&ZG...(;......Oiz...Ro. ...sD.Y.B...e.
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~.......0" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424...../>...7.G...iz.i......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 282
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~.......1" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...../../.^..I...^
.d. ...u..hr...0.r..(k.P..p...v.03......u.....A....../h.SA.V...W].\.B5_/X.O.s.... U.lv...U]>....S...{H....HG.Oh..9kO..nU0..`dj^H;
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~.......2" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424...../..F..I,1......h:....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 282
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~.......3" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...../-W.....`.@..%.w|."V.."....JD.'..=.)WK...'...H.........._.x....t...y...F.W.F..q.# ek.-.2`v.>.TA.J.:X.......y..y......y`s.....4..[..V.E..Z.. ...
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~.......4" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424...../m.qCO..R'.....w)....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 282
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~.......5" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...../............u.S(TEv.... lW.....5.g..D.....9....p.....M..@F.........!.........;J..0..XP.3(....<.#...ybE.E.E.<.w......=T.?AD.&jV9]...j_C...t...U..
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~.......5" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424...../....{)..k.6.........
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 282
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~.......6" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...../U..^TH. ...O..Z1.
...<....Q.r. ..f..a...N.k.w..Q......`D.j...:..l...f....)..N...iEL4.!P%..|.K.t....B.9....)2...ms.lq...5..Q^..._...F....%...W..
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~.......6" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424...../.....XUL....P..\....
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 282
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~.......7" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...../..?..Aa].@#.Q.>.$.....,W.H.\.*...k"...,..#l"..&..........A.v<.....s..b.{..>..8...h...#,2D..........a..:..X.3.a./.-..8..3....&...9D..[m.7......
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~.......7" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424...../...Z...p...U.2......
POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 282
Content-Type: application/octet-stream
Host: dr.mb.baidu.com
Keep-Alive: timeout=600,max=1000
...~.......8" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(.
1050123723.. 1deeea43e07fba973e9d83e58918d424...../.L....X....y..#.-3..t.D.f......F.Y.**...S7......,/...2.E. .6....B.**.o .....8..>5,....B.R`.oM0W.X.NGjQJ. .....ya.o.B._{......#eC.g..>..v.s.F..h\
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 154
...~.......8" 1deeea43e07fba973e9d83e58918d424(.........2.8..@.H.P.X.....` j.p.x...(...1050123723.. 1deeea43e07fba973e9d83e58918d424...../...%%..E._g.ftD.....
Map
The Trojan connects to the servers at the folowing location(s):
Strings from Dumps
%original file name%.exe_1904:
.text
.text
`.rdata
`.rdata
@.data
@.data
.ndata
.ndata
.rsrc
.rsrc
@.reloc
@.reloc
RegDeleteKeyExW
RegDeleteKeyExW
Kernel32.DLL
Kernel32.DLL
PSAPI.DLL
PSAPI.DLL
%s=%s
%s=%s
GetWindowsDirectoryW
GetWindowsDirectoryW
KERNEL32.dll
KERNEL32.dll
ExitWindowsEx
ExitWindowsEx
GetAsyncKeyState
GetAsyncKeyState
USER32.dll
USER32.dll
GDI32.dll
GDI32.dll
SHFileOperationW
SHFileOperationW
ShellExecuteW
ShellExecuteW
SHELL32.dll
SHELL32.dll
RegDeleteKeyW
RegDeleteKeyW
RegCloseKey
RegCloseKey
RegEnumKeyW
RegEnumKeyW
RegOpenKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCreateKeyExW
ADVAPI32.dll
ADVAPI32.dll
COMCTL32.dll
COMCTL32.dll
ole32.dll
ole32.dll
VERSION.dll
VERSION.dll
9oj@XD%u
9oj@XD%u
g.mLf=
g.mLf=
ORL.SL/
ORL.SL/
chk_finish_1
chk_finish_1
chk_finish_2
chk_finish_2
chk_finish_3
chk_finish_3
chk_finish_4
chk_finish_4
chk_finish_5
chk_finish_5
chk_finish_6
chk_finish_6
delete info
delete info
[K.On
[K.On
W.eQYT
W.eQYT
gB7%U
gB7%U
9~ui.QBv@
9~ui.QBv@
J.pEu
J.pEu
\.MdB
\.MdB
Nullsoft Install System v2.46.3-Unicode
Nullsoft Install System v2.46.3-Unicode
logging set to %d
logging set to %d
settings logging to %d
settings logging to %d
created uninstaller: %d, "%s"
created uninstaller: %d, "%s"
WriteReg: error creating key "%s\%s"
WriteReg: error creating key "%s\%s"
WriteReg: error writing into "%s\%s" "%s"
WriteReg: error writing into "%s\%s" "%s"
WriteRegBin: "%s\%s" "%s"="%s"
WriteRegBin: "%s\%s" "%s"="%s"
WriteRegDWORD: "%s\%s" "%s"="0xx"
WriteRegDWORD: "%s\%s" "%s"="0xx"
WriteRegExpandStr: "%s\%s" "%s"="%s"
WriteRegExpandStr: "%s\%s" "%s"="%s"
WriteRegStr: "%s\%s" "%s"="%s"
WriteRegStr: "%s\%s" "%s"="%s"
DeleteRegKey: "%s\%s"
DeleteRegKey: "%s\%s"
DeleteRegValue: "%s\%s" "%s"
DeleteRegValue: "%s\%s" "%s"
WriteINIStr: wrote [%s] %s=%s in %s
WriteINIStr: wrote [%s] %s=%s in %s
CopyFiles "%s"->"%s"
CopyFiles "%s"->"%s"
CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
Error registering DLL: Could not load %s
Error registering DLL: Could not load %s
Error registering DLL: %s not found in %s
Error registering DLL: %s not found in %s
GetTTFFontName(%s) returned %s
GetTTFFontName(%s) returned %s
GetTTFVersionString(%s) returned %s
GetTTFVersionString(%s) returned %s
Exec: failed createprocess ("%s")
Exec: failed createprocess ("%s")
Exec: success ("%s")
Exec: success ("%s")
Exec: command="%s"
Exec: command="%s"
ExecShell: success ("%s": file:"%s" params:"%s")
ExecShell: success ("%s": file:"%s" params:"%s")
ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
Exch: stack
Exch: stack
RMDir: "%s"
RMDir: "%s"
MessageBox: %d,"%s"
MessageBox: %d,"%s"
Delete: "%s"
Delete: "%s"
File: wrote %d to "%s"
File: wrote %d to "%s"
File: skipped: "%s" (overwriteflag=%d)
File: skipped: "%s" (overwriteflag=%d)
File: error creating "%s"
File: error creating "%s"
File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"
File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"
Rename failed: %s
Rename failed: %s
Rename on reboot: %s
Rename on reboot: %s
Rename: %s
Rename: %s
IfFileExists: file "%s" does not exist, jumping %d
IfFileExists: file "%s" does not exist, jumping %d
IfFileExists: file "%s" exists, jumping %d
IfFileExists: file "%s" exists, jumping %d
CreateDirectory: "%s" created
CreateDirectory: "%s" created
CreateDirectory: can't create "%s" - a file already exists
CreateDirectory: can't create "%s" - a file already exists
CreateDirectory: can't create "%s" (err=%d)
CreateDirectory: can't create "%s" (err=%d)
CreateDirectory: "%s" (%d)
CreateDirectory: "%s" (%d)
SetFileAttributes: "%s":X
SetFileAttributes: "%s":X
Sleep(%d)
Sleep(%d)
detailprint: %s
detailprint: %s
Call: %d
Call: %d
Aborting: "%s"
Aborting: "%s"
Jump: %d
Jump: %d
verifying installer: %d%%
verifying installer: %d%%
unpacking data: %d%%
unpacking data: %d%%
... %d%%
... %d%%
hXXp://nsis.sf.net/NSIS_Error
hXXp://nsis.sf.net/NSIS_Error
~nsu.tmp
~nsu.tmp
install.log
install.log
%u.%u%s%s
%u.%u%s%s
Skipping section: "%s"
Skipping section: "%s"
Section: "%s"
Section: "%s"
New install of "%s" to "%s"
New install of "%s" to "%s"
.DEFAULT\Control Panel\International
.DEFAULT\Control Panel\International
Software\Microsoft\Windows\CurrentVersion
Software\Microsoft\Windows\CurrentVersion
*?|/":
*?|/":
invalid registry key
invalid registry key
HKEY_DYN_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_DATA
HKEY_USERS
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
x%c
x%c
RMDir: RemoveDirectory failed("%s")
RMDir: RemoveDirectory failed("%s")
RMDir: RemoveDirectory on Reboot("%s")
RMDir: RemoveDirectory on Reboot("%s")
RMDir: RemoveDirectory("%s")
RMDir: RemoveDirectory("%s")
RMDir: RemoveDirectory invalid input("%s")
RMDir: RemoveDirectory invalid input("%s")
Delete: DeleteFile failed("%s")
Delete: DeleteFile failed("%s")
Delete: DeleteFile on Reboot("%s")
Delete: DeleteFile on Reboot("%s")
Delete: DeleteFile("%s")
Delete: DeleteFile("%s")
%s: failed opening file "%s"
%s: failed opening file "%s"
ers\"%CurrentUserName%"\AppData\Local\Temp\nshA2C5.tmp\System.dll
ers\"%CurrentUserName%"\AppData\Local\Temp\nshA2C5.tmp\System.dll
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshA2C5.tmp\System.dll
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshA2C5.tmp\System.dll
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshA2C5.tmp
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshA2C5.tmp
nshA2C5.tmp
nshA2C5.tmp
File: skipped: "C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshA2C5.tmp\System.dll" (overwriteflag=1)
File: skipped: "C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshA2C5.tmp\System.dll" (overwriteflag=1)
.tmp\System.dll"
.tmp\System.dll"
avnt20161025/rav3490022.exe", t"rav3490022.exe", i0,i0)i.s
avnt20161025/rav3490022.exe", t"rav3490022.exe", i0,i0)i.s
123723.exe", t"Baidu_Setup_3.1.200.2978_ftn_1050123723.exe", i0,i0)i.s
123723.exe", t"Baidu_Setup_3.1.200.2978_ftn_1050123723.exe", i0,i0)i.s
:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshA2C5.tmp
:\Users\"%CurrentUserName%"\AppData\Local\Temp\nshA2C5.tmp
hXXp://114.55.153.119/
hXXp://114.55.153.119/
2371592
2371592
PTF://f.i1236.com/ravnt20161025/rav3490022.exe
PTF://f.i1236.com/ravnt20161025/rav3490022.exe
idu_Setup_3.1.200.2978_ftn_1050123723.exe
idu_Setup_3.1.200.2978_ftn_1050123723.exe
rav3490022.exe
rav3490022.exe
.200.2978_ftn_1050123723.exe
.200.2978_ftn_1050123723.exe
tware\Microsoft\Windows\CurrentVersion\Uninstall\360
tware\Microsoft\Windows\CurrentVersion\Uninstall\360
c:\%original file name%.exe
c:\%original file name%.exe
%Program Files%\soui-nsis demo
%Program Files%\soui-nsis demo
C:\Users\"%CurrentUserName%"\AppData\Local\Temp
C:\Users\"%CurrentUserName%"\AppData\Local\Temp
%original file name%.exe
%original file name%.exe
ers\"%CurrentUserName%"\AppData\Local\Temp\nssA2B4.tmp
ers\"%CurrentUserName%"\AppData\Local\Temp\nssA2B4.tmp
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\
Baidu.exe_2160:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
SSSSh
SSSSh
VSSSSh
VSSSSh
WSSSSh
WSSSSh
Base.dll
Base.dll
Utils.dll
Utils.dll
[libprotobuf %s %s:%d] %s
[libprotobuf %s %s:%d] %s
%d.%d.%d
%d.%d.%d
..\src\google\protobuf\stubs\common.cc
..\src\google\protobuf\stubs\common.cc
CHECK failed: value.size()
CHECK failed: value.size()
..\src\google\protobuf\wire_format_lite.cc
..\src\google\protobuf\wire_format_lite.cc
..\src\google\protobuf\message_lite.cc
..\src\google\protobuf\message_lite.cc
CHECK failed: !coded_out.HadError():
CHECK failed: !coded_out.HadError():
..\src\google\protobuf\io\coded_stream.cc
..\src\google\protobuf\io\coded_stream.cc
..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc
..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc
WS2_32.dll
WS2_32.dll
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag
unsupported version
unsupported version
..\..\..\minibaidu_basic_proj\Include\CommonInclude\Heartbeat\zeus.pb.cc
..\..\..\minibaidu_basic_proj\Include\CommonInclude\Heartbeat\zeus.pb.cc
sw.zeus.ExtendedInfo
sw.zeus.ExtendedInfo
sw.zeus.KeyVersion
sw.zeus.KeyVersion
sw.zeus.BasicInfo
sw.zeus.BasicInfo
sw.zeus.SubRequest
sw.zeus.SubRequest
sw.zeus.CCRequest
sw.zeus.CCRequest
sw.zeus.KeyValue
sw.zeus.KeyValue
sw.zeus.FileItem
sw.zeus.FileItem
sw.zeus.FileGroup
sw.zeus.FileGroup
sw.zeus.KVConfig
sw.zeus.KVConfig
sw.zeus.Action
sw.zeus.Action
sw.zeus.ActionMap
sw.zeus.ActionMap
sw.zeus.NetInfo
sw.zeus.NetInfo
sw.zeus.CCResponse
sw.zeus.CCResponse
sw.zeus.HBRequest
sw.zeus.HBRequest
sw.zeus.HBResponse
sw.zeus.HBResponse
asio.misc
asio.misc
asio.misc error
asio.misc error
BaiduShell.cpp
BaiduShell.cpp
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_stable_proj\Include\boost/exception/detail/exception_ptr.hpp
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_stable_proj\Include\boost/exception/detail/exception_ptr.hpp
BaiduShellMain.cpp
BaiduShellMain.cpp
thread.entry_event
thread.entry_event
thread.exit_event
thread.exit_event
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Include\CommonInclude\Utils/Process/IPCMessager.h
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Include\CommonInclude\Utils/Process/IPCMessager.h
CChildProcess::HandleMsg() invalid message id.
CChildProcess::HandleMsg() invalid message id.
Utils::Process::CChildProcess::HandleMsg
Utils::Process::CChildProcess::HandleMsg
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Include\CommonInclude\Utils/Process/ChildProcess.h
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Include\CommonInclude\Utils/Process/ChildProcess.h
CommonWorkerProcess.cpp
CommonWorkerProcess.cpp
CCommonWorkerProcess::HandleMsg Fail to handle %d message.
CCommonWorkerProcess::HandleMsg Fail to handle %d message.
CCommonWorkerProcess::HandleMsg
CCommonWorkerProcess::HandleMsg
CCommonWorkerProcess::GetInstance Fail to get %d instance
CCommonWorkerProcess::GetInstance Fail to get %d instance
Report %d data
Report %d data
CCommonWorkerProcess::HandleReportJob
CCommonWorkerProcess::HandleReportJob
CCommonWorkerProcess::HandleReportJob Fail to handle %d message
CCommonWorkerProcess::HandleReportJob Fail to handle %d message
GetReportMgr
GetReportMgr
ReleaseReportMgr
ReleaseReportMgr
CCommonWorkerProcess::HandleProtocolJob Fail to handle %d message
CCommonWorkerProcess::HandleProtocolJob Fail to handle %d message
DecodeMsgContent() serialization error
DecodeMsgContent() serialization error
DecodeMsgContent
DecodeMsgContent
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Include\CommonInclude\Utils/Process/IPCMessageDef.h
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Include\CommonInclude\Utils/Process/IPCMessageDef.h
EncodeMsgContent() serialization error
EncodeMsgContent() serialization error
EncodeMsgContent
EncodeMsgContent
boost thread: trying joining itself
boost thread: trying joining itself
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Include\CommonInclude\Base/AsyncTask/AsyncTask.h
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Include\CommonInclude\Base/AsyncTask/AsyncTask.h
ExternalMgrProcess.cpp
ExternalMgrProcess.cpp
c:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_safecenter\minibaidu_client_proj\source\baidushell\UpdateAction.h
c:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_safecenter\minibaidu_client_proj\source\baidushell\UpdateAction.h
HBTipsListData:%s
HBTipsListData:%s
NeedInstallNewVersion:%d
NeedInstallNewVersion:%d
c:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_safecenter\minibaidu_client_proj\source\baidushell\ConfigAction.h
c:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_safecenter\minibaidu_client_proj\source\baidushell\ConfigAction.h
key = %s, value = %s
key = %s, value = %s
MainProcess.cpp
MainProcess.cpp
PluginMgrProcess.cpp
PluginMgrProcess.cpp
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Output\BinRelease\Baidu.pdb
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Output\BinRelease\Baidu.pdb
?Is64BitWindows@CWin64Helper@Win64Helper@Base@@QAEHXZ
?Is64BitWindows@CWin64Helper@Win64Helper@Base@@QAEHXZ
?QueryKeyValue@Register@Base@@YAHPAUHKEY__@@PB_W1PA_WPAK@Z
?QueryKeyValue@Register@Base@@YAHPAUHKEY__@@PB_W1PA_WPAK@Z
?CreateRegKey@Register@Base@@YAHPB_WKPAPAUHKEY__@@PAK@Z
?CreateRegKey@Register@Base@@YAHPB_WKPAPAUHKEY__@@PAK@Z
?OpenRegKey@Register@Base@@YAHPB_WKPAPAUHKEY__@@@Z
?OpenRegKey@Register@Base@@YAHPB_WKPAPAUHKEY__@@@Z
?SetStringValue@Register@Base@@YAHPAUHKEY__@@PB_W11@Z
?SetStringValue@Register@Base@@YAHPAUHKEY__@@PB_W11@Z
??1CURL@URLMisc@Utils@@QAE@XZ
??1CURL@URLMisc@Utils@@QAE@XZ
??0CURL@URLMisc@Utils@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??0CURL@URLMisc@Utils@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?GetExeFolderNotWithSlash@ProductInfo@Utils@@YAPB_WXZ
?GetExeFolderNotWithSlash@ProductInfo@Utils@@YAPB_WXZ
?ReportInjectFailed@CDataReport1324DockWindow@BaiduReport@@QAEXH@Z
?ReportInjectFailed@CDataReport1324DockWindow@BaiduReport@@QAEXH@Z
?ReportInjectSuccess@CDataReport1324DockWindow@BaiduReport@@QAEX_J@Z
?ReportInjectSuccess@CDataReport1324DockWindow@BaiduReport@@QAEX_J@Z
?Get1324DockWindow@BaiduReport@@YA?AV?$shared_ptr@VCDataReport1324DockWindow@BaiduReport@@@boost@@XZ
?Get1324DockWindow@BaiduReport@@YA?AV?$shared_ptr@VCDataReport1324DockWindow@BaiduReport@@@boost@@XZ
BaiduReport.dll
BaiduReport.dll
MSVCP100.dll
MSVCP100.dll
MSVCR100.dll
MSVCR100.dll
_amsg_exit
_amsg_exit
_acmdln
_acmdln
_crt_debugger_hook
_crt_debugger_hook
CreateIoCompletionPort
CreateIoCompletionPort
GetProcessHeap
GetProcessHeap
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
RegCreateKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
ADVAPI32.dll
ADVAPI32.dll
ole32.dll
ole32.dll
ShellExecuteW
ShellExecuteW
ShellExecuteExW
ShellExecuteExW
SHELL32.dll
SHELL32.dll
SHLWAPI.dll
SHLWAPI.dll
WINMM.dll
WINMM.dll
Baidu.exe
Baidu.exe
.?AVKeyValue@zeus@sw@@
.?AVKeyValue@zeus@sw@@
.?AVKeyVersion@zeus@sw@@
.?AVKeyVersion@zeus@sw@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@
.?AV?$singleton_wrapper@V?$oserializer@Vbinary_oarchive@archive@boost@@USRunDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$oserializer@Vbinary_oarchive@archive@boost@@USRunDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$oserializer@Vbinary_oarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$oserializer@Vbinary_oarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$oserializer@Vbinary_oarchive@archive@boost@@USRunDone@ControlMsg@@@detail@archive@boost@@
.?AV?$oserializer@Vbinary_oarchive@archive@boost@@USRunDone@ControlMsg@@@detail@archive@boost@@
.?AV?$oserializer@Vbinary_oarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@
.?AV?$oserializer@Vbinary_oarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@
.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@
.?AUSLaunchDone@ControlMsg@@
.?AUSLaunchDone@ControlMsg@@
.?AUSRunDone@ControlMsg@@
.?AUSRunDone@ControlMsg@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USHostLoginNotification@CommonServiceMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USHostLoginNotification@CommonServiceMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USHostDoReport@CommonServiceMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USHostDoReport@CommonServiceMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USHostLoginNotification@CommonServiceMsg@@@detail@archive@boost@@
.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USHostLoginNotification@CommonServiceMsg@@@detail@archive@boost@@
.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USHostDoReport@CommonServiceMsg@@@detail@archive@boost@@
.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USHostDoReport@CommonServiceMsg@@@detail@archive@boost@@
.?AV?$bind_t@_NV?$mf1@_NVCChildProcess@Process@Utils@@ABUSIPCMsg@IPCMessager@3@@_mfi@boost@@V?$list2@V?$value@V?$shared_ptr@VCChildProcess@Process@Utils@@@boost@@@_bi@boost@@U?$arg@$00@3@@_bi@3@@_bi@boost@@
.?AV?$bind_t@_NV?$mf1@_NVCChildProcess@Process@Utils@@ABUSIPCMsg@IPCMessager@3@@_mfi@boost@@V?$list2@V?$value@V?$shared_ptr@VCChildProcess@Process@Utils@@@boost@@@_bi@boost@@U?$arg@$00@3@@_bi@3@@_bi@boost@@
.?AV?$bind_t@XV?$mf1@XVCCommonWorkerProcess@@ABUSIPCMsg@IPCMessager@Utils@@@_mfi@boost@@V?$list2@V?$value@V?$shared_ptr@VCCommonWorkerProcess@@@boost@@@_bi@boost@@V?$value@USIPCMsg@IPCMessager@Utils@@@23@@_bi@3@@_bi@boost@@
.?AV?$bind_t@XV?$mf1@XVCCommonWorkerProcess@@ABUSIPCMsg@IPCMessager@Utils@@@_mfi@boost@@V?$list2@V?$value@V?$shared_ptr@VCCommonWorkerProcess@@@boost@@@_bi@boost@@V?$value@USIPCMsg@IPCMessager@Utils@@@23@@_bi@3@@_bi@boost@@
.?AUSHostDoReport@CommonServiceMsg@@
.?AUSHostDoReport@CommonServiceMsg@@
.?AUSHostLoginNotification@CommonServiceMsg@@
.?AUSHostLoginNotification@CommonServiceMsg@@
9 9$9(9,909
9 9$9(9,909
; ;.;?;^;
; ;.;?;^;
1-131:1_1
1-131:1_1
1-161Q1X1v1}1
1-161Q1X1v1}1
5$6*6=667
5$6*6=667
7%8U8
7%8U8
1 1$1(1,1014181
1 1$1(1,1014181
3(343
3(343
--newexe
--newexe
Protocol.dll
Protocol.dll
Report.dll
Report.dll
Accout_Login
Accout_Login
Pop_Windows
Pop_Windows
Browser_ImportBookMark
Browser_ImportBookMark
BugReport
BugReport
Report
Report
[performance]1 enter CBaiduShell::Run : %u
[performance]1 enter CBaiduShell::Run : %u
-eurl:
-eurl:
bdlog.dll
bdlog.dll
BrowserCore.dll
BrowserCore.dll
BrowserUIHandler.dll
BrowserUIHandler.dll
BrowserUI.dll
BrowserUI.dll
PluginMgr.dll
PluginMgr.dll
Skins\BrowserFrame.rdb
Skins\BrowserFrame.rdb
Skins\BDSearchBar.rdb
Skins\BDSearchBar.rdb
Skins\CommonRes.rdb
Skins\CommonRes.rdb
Skins\xml.rdb
Skins\xml.rdb
LogicModel.dll
LogicModel.dll
BDMSkin.dll
BDMSkin.dll
MainUIHandler.dll
MainUIHandler.dll
MainUI.dll
MainUI.dll
--newexe 1
--newexe 1
--newexe 0
--newexe 0
A8706990-9490-4106-8033-12E64714B86B
A8706990-9490-4106-8033-12E64714B86B
\CommonWorker.dll
\CommonWorker.dll
Failed in init CommonWorker.dll instance.
Failed in init CommonWorker.dll instance.
pCCommonWorkerProcess::Run installationTask = %s
pCCommonWorkerProcess::Run installationTask = %s
CCommonWorkerProcess::Run customid = %d shmoffset = %d
CCommonWorkerProcess::Run customid = %d shmoffset = %d
CCommonWorkerProcess::HandleInstallationTask() strTaskType=%s strTaskParam=%s
CCommonWorkerProcess::HandleInstallationTask() strTaskType=%s strTaskParam=%s
BaiduClientRender.exe
BaiduClientRender.exe
BaiduUpdate.exe
BaiduUpdate.exe
BaiduBugRpt.exe
BaiduBugRpt.exe
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
uninst.exe
uninst.exe
\game.ico
\game.ico
--newexe 1 --lnkname game --open-app 1013:show
--newexe 1 --lnkname game --open-app 1013:show
\browsershowcut.ico
\browsershowcut.ico
--newexe 1 --main-frame 1
--newexe 1 --main-frame 1
RecoverRegs::ReadConfig key=%s, bResult=%d
RecoverRegs::ReadConfig key=%s, bResult=%d
RecoverRegs::WriteRegInstallArg key=%s
RecoverRegs::WriteRegInstallArg key=%s
RecoverRegs vcKey=%s, ReadConfigString=%d
RecoverRegs vcKey=%s, ReadConfigString=%d
WriteRegInstallArg vcKey=%s
WriteRegInstallArg vcKey=%s
GetRegInstallArg Start key=%s
GetRegInstallArg Start key=%s
GetRegInstallArg RegOpenKeyEx Success key=%s
GetRegInstallArg RegOpenKeyEx Success key=%s
GetRegInstallArg RegQueryValueEx Success key=%s
GetRegInstallArg RegQueryValueEx Success key=%s
WriteRegInstallArg key=%s, value=%s
WriteRegInstallArg key=%s, value=%s
RegOpenKeyEx ret=%d
RegOpenKeyEx ret=%d
WriteRegInstallArg key=%s, result=%d
WriteRegInstallArg key=%s, result=%d
WriteRegInstallArg::RegOpenKeyEx key=%s,ret=%d
WriteRegInstallArg::RegOpenKeyEx key=%s,ret=%d
HandleSCNotifyTask ItemID = %d shmoffset = %d
HandleSCNotifyTask ItemID = %d shmoffset = %d
HandleSCNotifyTask wszSrcFileName = %s
HandleSCNotifyTask wszSrcFileName = %s
HandleSCNotifyTask monitorid = %d
HandleSCNotifyTask monitorid = %d
HandleSCNotifyTask eventType = %d
HandleSCNotifyTask eventType = %d
ShellExecute result = %d
ShellExecute result = %d
sBDClientProxy.dll
sBDClientProxy.dll
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\Run
ClientRegAddValueToList result = %d
ClientRegAddValueToList result = %d
nClientRegSetValueEx result = %d
nClientRegSetValueEx result = %d
CCommonWorkerProcess::RecoveProgramLink:: Directory is exist, create baidu.link shortcut link
CCommonWorkerProcess::RecoveProgramLink:: Directory is exist, create baidu.link shortcut link
CCommonWorkerProcess::RecoveProgramLink:: Directory is exist, create uinist.link shortcut link
CCommonWorkerProcess::RecoveProgramLink:: Directory is exist, create uinist.link shortcut link
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
Baidu.exe,0
Baidu.exe,0
CCommonWorkerProcess::RecoveUnistReg Read DisplayIcon reg failed create it displayIconValue=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayIcon reg failed create it displayIconValue=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayIcon reg success DisplayIcon=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayIcon reg success DisplayIcon=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayVersion reg failed create it InstallVer=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayVersion reg failed create it InstallVer=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayVersion reg success version=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayVersion reg success version=%s
CCommonWorkerProcess::RecoveUnistReg Read UninstallString reg failed create it uinst path =%s
CCommonWorkerProcess::RecoveUnistReg Read UninstallString reg failed create it uinst path =%s
CCommonWorkerProcess::RecoveUnistReg Read UninstallString reg success uinst path =%s
CCommonWorkerProcess::RecoveUnistReg Read UninstallString reg success uinst path =%s
GetDefenseSwitch value = %s
GetDefenseSwitch value = %s
GetDefenseSwitch Read Reg failed! err = %d
GetDefenseSwitch Read Reg failed! err = %d
GetDefenseSwitch result=%d
GetDefenseSwitch result=%d
\ExternalMgr.dll
\ExternalMgr.dll
Failed in init ExternalMgr.dll instance.
Failed in init ExternalMgr.dll instance.
hermes.dll
hermes.dll
HBTipsListSize:%d
HBTipsListSize:%d
Upd.dat
Upd.dat
CheckFileHash OK %s
CheckFileHash OK %s
hCheckFileHash Md5 error !! %s
hCheckFileHash Md5 error !! %s
Cmd = %d, Action size = %d
Cmd = %d, Action size = %d
Cloud kV Config %d (Action %d), name = %s, version = %I64u, size = %d
Cloud kV Config %d (Action %d), name = %s, version = %I64u, size = %d
user32.dll
user32.dll
\LogicModel.dll
\LogicModel.dll
[performance]3 enter CMainProcess::RunUIMessageLoop : %u
[performance]3 enter CMainProcess::RunUIMessageLoop : %u
p\MainUI.dll
p\MainUI.dll
\Heartbeat.dll
\Heartbeat.dll
e[performance]2 enter CMainProcess::Run : %u
e[performance]2 enter CMainProcess::Run : %u
CBrowserProcess::Run ActiveExistAppWindow navigaet_url=%s
CBrowserProcess::Run ActiveExistAppWindow navigaet_url=%s
BDDockerX64.exe
BDDockerX64.exe
BDDocker.exe
BDDocker.exe
Start exe Failed
Start exe Failed
\PluginMgr.dll
\PluginMgr.dll
3.1.200.2978
3.1.200.2978
BaiduService.exe_3816:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
PSShd
PSShd
..\src\google\protobuf\message_lite.cc
..\src\google\protobuf\message_lite.cc
CHECK failed: !coded_out.HadError():
CHECK failed: !coded_out.HadError():
[libprotobuf %s %s:%d] %s
[libprotobuf %s %s:%d] %s
%d.%d.%d
%d.%d.%d
..\src\google\protobuf\stubs\common.cc
..\src\google\protobuf\stubs\common.cc
CHECK failed: value.size()
CHECK failed: value.size()
..\src\google\protobuf\wire_format_lite.cc
..\src\google\protobuf\wire_format_lite.cc
..\src\google\protobuf\io\coded_stream.cc
..\src\google\protobuf\io\coded_stream.cc
..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc
..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag
asio.misc
asio.misc
asio.misc error
asio.misc error
\\.\Pipe\BaiduService
\\.\Pipe\BaiduService
CCommander::SendMsg failed(%d, %d, %x)!
CCommander::SendMsg failed(%d, %d, %x)!
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_stable_proj\Include\boost/exception/detail/exception_ptr.hpp
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_stable_proj\Include\boost/exception/detail/exception_ptr.hpp
CFileSearchService::HandleChannel(%d,%s,%d).
CFileSearchService::HandleChannel(%d,%s,%d).
CFileSearchService::HandleSearch(%s, %d).
CFileSearchService::HandleSearch(%s, %d).
.jpeg
.jpeg
.tiff
.tiff
.exif
.exif
.flac
.flac
.navi
.navi
.mpeg4
.mpeg4
.docx
.docx
.pptx
.pptx
.xlsx
.xlsx
.vsdx
.vsdx
.java
.java
Keywords
Keywords
$RECYCLE.BIN
$RECYCLE.BIN
windows
windows
Windows
Windows
FileSearch\FileSearchResult.pb.cc
FileSearch\FileSearchResult.pb.cc
BaiduService.FileSearch.SearchFileInfo
BaiduService.FileSearch.SearchFileInfo
BaiduService.FileSearch.SearchResultInfo
BaiduService.FileSearch.SearchResultInfo
boost thread: trying joining itself
boost thread: trying joining itself
Add, %s
Add, %s
Del %s error!
Del %s error!
Del, %s
Del, %s
%c:\%s
%c:\%s
CIndexManager::ChangeState (%s -> %s).
CIndexManager::ChangeState (%s -> %s).
CMisc::RecoveUnistReg Read DisplayIcon reg failed create it displayIconValue=%s
CMisc::RecoveUnistReg Read DisplayIcon reg failed create it displayIconValue=%s
CMisc::RecoveUnistReg Read DisplayIcon reg success DisplayIcon=%s
CMisc::RecoveUnistReg Read DisplayIcon reg success DisplayIcon=%s
CMisc::RecoveUnistReg Read DisplayVersion reg failed create it InstallVer=%s
CMisc::RecoveUnistReg Read DisplayVersion reg failed create it InstallVer=%s
CMisc::RecoveUnistReg Read DisplayVersion reg success version=%s
CMisc::RecoveUnistReg Read DisplayVersion reg success version=%s
CMisc::RecoveUnistReg Read UninstallString reg failed create it uinst path =%s
CMisc::RecoveUnistReg Read UninstallString reg failed create it uinst path =%s
CMisc::RecoveUnistReg Read UninstallString reg success uinst path =%s
CMisc::RecoveUnistReg Read UninstallString reg success uinst path =%s
CMisc::HandleChannel(%d,%s).
CMisc::HandleChannel(%d,%s).
BaiduService!%s
BaiduService!%s
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Output\BinRelease\BaiduService.pdb
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Output\BinRelease\BaiduService.pdb
?Is64BitWindows@CWin64Helper@Win64Helper@Base@@QAEHXZ
?Is64BitWindows@CWin64Helper@Win64Helper@Base@@QAEHXZ
?QueryKeyValue@Register@Base@@YAHPAUHKEY__@@PB_W1PA_WPAK@Z
?QueryKeyValue@Register@Base@@YAHPAUHKEY__@@PB_W1PA_WPAK@Z
?CreateRegKey@Register@Base@@YAHPB_WKPAPAUHKEY__@@PAK@Z
?CreateRegKey@Register@Base@@YAHPB_WKPAPAUHKEY__@@PAK@Z
?OpenRegKey@Register@Base@@YAHPB_WKPAPAUHKEY__@@@Z
?OpenRegKey@Register@Base@@YAHPB_WKPAPAUHKEY__@@@Z
?SetStringValue@Register@Base@@YAHPAUHKEY__@@PB_W11@Z
?SetStringValue@Register@Base@@YAHPAUHKEY__@@PB_W11@Z
Base.dll
Base.dll
Utils.dll
Utils.dll
ConnectNamedPipe
ConnectNamedPipe
GetProcessHeap
GetProcessHeap
DisconnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeA
CreateNamedPipeA
CreateIoCompletionPort
CreateIoCompletionPort
KERNEL32.dll
KERNEL32.dll
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
ADVAPI32.dll
ADVAPI32.dll
MSVCP100.dll
MSVCP100.dll
WS2_32.dll
WS2_32.dll
MSVCR100.dll
MSVCR100.dll
_amsg_exit
_amsg_exit
_crt_debugger_hook
_crt_debugger_hook
SHLWAPI.dll
SHLWAPI.dll
.?AV?$service_base@V?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@@detail@asio@boost@@
.?AV?$service_base@V?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@@detail@asio@boost@@
.?AV?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@
.?AV?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@
.?AV?$typeid_wrapper@V?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@@detail@asio@boost@@
.?AV?$typeid_wrapper@V?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@@detail@asio@boost@@
h.exe
h.exe
ail.exe
ail.exe
:\Windows\System32\RmClient.exe
:\Windows\System32\RmClient.exe
RmClient.exe.mui
RmClient.exe.mui
C:\Windows\winsxs\x86_microsoft-windows-r..rtmanager.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2c18175139d79a22\RmClient.exe.mui
C:\Windows\winsxs\x86_microsoft-windows-r..rtmanager.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2c18175139d79a22\RmClient.exe.mui
VMwareHgfsClient.exe
VMwareHgfsClient.exe
9%Program Files%\VMware\VMware Tools\VMwareHgfsClient.exe
9%Program Files%\VMware\VMware Tools\VMwareHgfsClient.exe
BaiduRenderClient.exe
BaiduRenderClient.exe
SC:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\BaiduRenderClient.exe
SC:\Users\"%CurrentUserName%"\AppData\Local\Baidu\BaiduClient\3.1.200.2978\wrs\BaiduRenderClient.exe
293F3r3
293F3r3
5,5054585
5,5054585
FileIndex.db
FileIndex.db
FileIndexSecondary.db
FileIndexSecondary.db
.Secondary
.Secondary
Global\BD_Service_0F24E59F-6A16-4B47-80C6-399440224DE7
Global\BD_Service_0F24E59F-6A16-4B47-80C6-399440224DE7
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
Baidu.exe,0
Baidu.exe,0
tuninst.exe
tuninst.exe
1.0.0.0
1.0.0.0
BaiduService.exe
BaiduService.exe
svchost.exe_3468:
.text
.text
`.data
`.data
.rsrc
.rsrc
@.reloc
@.reloc
msvcrt.dll
msvcrt.dll
API-MS-Win-Core-ProcessThreads-L1-1-0.dll
API-MS-Win-Core-ProcessThreads-L1-1-0.dll
KERNEL32.dll
KERNEL32.dll
NTDLL.DLL
NTDLL.DLL
API-MS-Win-Security-Base-L1-1-0.dll
API-MS-Win-Security-Base-L1-1-0.dll
API-MS-WIN-Service-Core-L1-1-0.dll
API-MS-WIN-Service-Core-L1-1-0.dll
API-MS-WIN-Service-winsvc-L1-1-0.dll
API-MS-WIN-Service-winsvc-L1-1-0.dll
RPCRT4.dll
RPCRT4.dll
ole32.dll
ole32.dll
ntdll.dll
ntdll.dll
_amsg_exit
_amsg_exit
RegCloseKey
RegCloseKey
RegOpenKeyExW
RegOpenKeyExW
GetProcessHeap
GetProcessHeap
svchost.pdb
svchost.pdb
version="5.1.0.0"
version="5.1.0.0"
name="Microsoft.Windows.Services.SvcHost"
name="Microsoft.Windows.Services.SvcHost"
Host Process for Windows Services
Host Process for Windows Services
Software\Microsoft\Windows NT\CurrentVersion\Svchost
Software\Microsoft\Windows NT\CurrentVersion\Svchost
Software\Microsoft\Windows NT\CurrentVersion\MgdSvchost
Software\Microsoft\Windows NT\CurrentVersion\MgdSvchost
\PIPE\
\PIPE\
Host Process for Windows Services
Host Process for Windows Services
6.1.7600.16385 (win7_rtm.090713-1255)
6.1.7600.16385 (win7_rtm.090713-1255)
svchost.exe
svchost.exe
Windows
Windows
Operating System
Operating System
6.1.7600.16385
6.1.7600.16385
SearchProtocolHost.exe_1460:
.text
.text
`.data
`.data
.rsrc
.rsrc
@.reloc
@.reloc
ADVAPI32.dll
ADVAPI32.dll
ntdll.DLL
ntdll.DLL
KERNEL32.dll
KERNEL32.dll
msvcrt.dll
msvcrt.dll
USER32.dll
USER32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
TQUERY.DLL
TQUERY.DLL
MSSHooks.dll
MSSHooks.dll
IMM32.dll
IMM32.dll
SHLWAPI.dll
SHLWAPI.dll
SrchCollatorCatalogInfo
SrchCollatorCatalogInfo
SrchDSSLogin
SrchDSSLogin
SrchDSSPortManager
SrchDSSPortManager
SrchPHHttp
SrchPHHttp
SrchIndexerQuery
SrchIndexerQuery
SrchIndexerProperties
SrchIndexerProperties
SrchIndexerPlugin
SrchIndexerPlugin
SrchIndexerClient
SrchIndexerClient
SrchIndexerSchema
SrchIndexerSchema
Msidle.dll
Msidle.dll
Failed to get REGKEY_FLTRDMN_MS_TO_IDLE, using default
Failed to get REGKEY_FLTRDMN_MS_TO_IDLE, using default
pfps->psProperty.ulKind is LPWSTR but psProperty.lpwstr is NULL or empty
pfps->psProperty.ulKind is LPWSTR but psProperty.lpwstr is NULL or empty
d:\win7sp1_gdr\enduser\mssearch2\common\utils\crchash.cxx
d:\win7sp1_gdr\enduser\mssearch2\common\utils\crchash.cxx
d:\win7sp1_gdr\enduser\mssearch2\search\search\gather\fltrdmn\fltrdaemon.cxx
d:\win7sp1_gdr\enduser\mssearch2\search\search\gather\fltrdmn\fltrdaemon.cxx
d:\win7sp1_gdr\enduser\mssearch2\search\common\include\secutil.hxx
d:\win7sp1_gdr\enduser\mssearch2\search\common\include\secutil.hxx
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracerhelpers.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracerhelpers.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\mutex.cpp
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\mutex.cpp
d:\win7sp1_gdr\enduser\mssearch2\common\include\srchxcpt.hxx
d:\win7sp1_gdr\enduser\mssearch2\common\include\srchxcpt.hxx
RegDeleteKeyW
RegDeleteKeyW
RegDeleteKeyExW
RegDeleteKeyExW
8%uiP
8%uiP
Invalid parameter passed to C runtime function.
Invalid parameter passed to C runtime function.
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracersecutil.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracersecutil.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.cpp
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.cpp
-d-d-d-d-d-d-d-%d
-d-d-d-d-d-d-d-%d
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.h
0xx=
0xx=
%s(%d)
%s(%d)
tid="0x%x"
tid="0x%x"
pid="0x%x"
pid="0x%x"
tagname="%s"
tagname="%s"
tagid="0x%x"
tagid="0x%x"
el="0x%x"
el="0x%x"
time="d/d/d d:d:d.d"
time="d/d/d d:d:d.d"
logname="%s"
logname="%s"
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\sysimprs.cxx
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\sysimprs.cxx
SHELL32.dll
SHELL32.dll
PROPSYS.dll
PROPSYS.dll
ntdll.dll
ntdll.dll
RegCloseKey
RegCloseKey
RegCreateKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumKeyExW
ReportEventW
ReportEventW
_amsg_exit
_amsg_exit
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
SearchProtocolHost.pdb
SearchProtocolHost.pdb
2 2(20282|2
2 2(20282|2
4%5S5
4%5S5
Software\Microsoft\Windows Search
Software\Microsoft\Windows Search
https
https
kernel32.dll
kernel32.dll
msTracer.dll
msTracer.dll
msfte.dll
msfte.dll
lX-X-X-XX-XXXXXX
lX-X-X-XX-XXXXXX
SOFTWARE\Microsoft\Windows Search
SOFTWARE\Microsoft\Windows Search
tquery.dll
tquery.dll
%s\%s
%s\%s
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
Windows Search Service
Windows Search Service
0xx%p%S%d
0xx%p%S%d
advapi32.dll
advapi32.dll
WAPI-MS-Win-Core-LocalRegistry-L1-1-0.dll
WAPI-MS-Win-Core-LocalRegistry-L1-1-0.dll
winhttp.dll
winhttp.dll
Software\Microsoft\Windows Search\Tracing
Software\Microsoft\Windows Search\Tracing
Software\Microsoft\Windows Search\Tracing\EventThrottleLastReported
Software\Microsoft\Windows Search\Tracing\EventThrottleLastReported
Software\Microsoft\Windows Search\Tracing\EventThrottleState
Software\Microsoft\Windows Search\Tracing\EventThrottleState
%S(%d)
%S(%d)
tagname="%S"
tagname="%S"
logname="%S"
logname="%S"
Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}
Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}
.\%s.mui
.\%s.mui
.\%s\%s.mui
.\%s\%s.mui
%s\%s.mui
%s\%s.mui
%s\%s\%s.mui
%s\%s\%s.mui
Microsoft Windows Search Protocol Host
Microsoft Windows Search Protocol Host
7.00.7601.17610 (win7sp1_gdr.110503-1502)
7.00.7601.17610 (win7sp1_gdr.110503-1502)
SearchProtocolHost.exe
SearchProtocolHost.exe
Windows
Windows
7.00.7601.17610
7.00.7601.17610
BaiduRenderClient.exe_2828:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
CreateWebRender
CreateWebRender
RegOpenKeyTransactedW
RegOpenKeyTransactedW
RegCreateKeyTransactedW
RegCreateKeyTransactedW
RegDeleteKeyTransactedW
RegDeleteKeyTransactedW
RegDeleteKeyExW
RegDeleteKeyExW
N:\web_render_sdk\out\release\web_render_service.exe.pdb
N:\web_render_sdk\out\release\web_render_service.exe.pdb
web_base.dll
web_base.dll
GetProcessHeap
GetProcessHeap
SetNamedPipeHandleState
SetNamedPipeHandleState
TransactNamedPipe
TransactNamedPipe
WaitNamedPipeW
WaitNamedPipeW
KERNEL32.dll
KERNEL32.dll
RegCloseKey
RegCloseKey
RegCreateKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteKeyW
RegEnumKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
ADVAPI32.dll
ADVAPI32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
USER32.dll
USER32.dll
MSVCP120.dll
MSVCP120.dll
MSVCR120.dll
MSVCR120.dll
_calloc_crt
_calloc_crt
_crt_debugger_hook
_crt_debugger_hook
__crtUnhandledException
__crtUnhandledException
__crtTerminateProcess
__crtTerminateProcess
__crtGetShowWindowMode
__crtGetShowWindowMode
_amsg_exit
_amsg_exit
_wcmdln
_wcmdln
__crtSetUnhandledExceptionFilter
__crtSetUnhandledExceptionFilter
PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD
PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD
3"3)343\3|3
3"3)343\3|3
7 7(7,74787
7 7(7,74787
Advapi32.dll
Advapi32.dll
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
bdlog.dll
bdlog.dll
%d Instances,%s
%d Instances,%s
pipe
pipe
web_render_service.exe
web_render_service.exe
service-exe
service-exe
chrome
chrome
chromecore-dir
chromecore-dir
Web Render Service
Web Render Service
%s [%s] {
%s [%s] {
} %s [%s] [%d ms]
} %s [%s] [%d ms]
} %s [%d ms]
} %s [%d ms]
web_render_stub.dll
web_render_stub.dll
web_render_stub_child.dll
web_render_stub_child.dll
web_render::WebRenderFactory::CreateWebRender
web_render::WebRenderFactory::CreateWebRender
Framework.Stub;
Framework.Stub;
LoadLibrary,Last Error %d,%s
LoadLibrary,Last Error %d,%s
;HTTP\Engine.dll
;HTTP\Engine.dll
8.5.10241.224\TSWebMon.dat
8.5.10241.224\TSWebMon.dat
\atiu9pag.dll
\atiu9pag.dll
\WebPlugin\IscNsp.dll
\WebPlugin\IscNsp.dll
kswebshield.dll
kswebshield.dll
kspcore.dll
kspcore.dll
kswbc.dll
kswbc.dll
kwsui.dll
kwsui.dll
WebMon.dll
WebMon.dll
BDWebGuard.dll
BDWebGuard.dll
WebMonHook.dll
WebMonHook.dll
QvodWebBase.dll
QvodWebBase.dll
XIAOCHENPY.IME
XIAOCHENPY.IME
adsNet32.dll
adsNet32.dll
adsPop32.dll
adsPop32.dll
EDPWinsockSpi.dll
EDPWinsockSpi.dll
TortoiseSVN32.dll
TortoiseSVN32.dll
TortoiseStub32.dll
TortoiseStub32.dll
libsvn_tsvn32.dll
libsvn_tsvn32.dll
libsasl32.dll
libsasl32.dll
libaprutil_tsvn32.dll
libaprutil_tsvn32.dll
libapr_tsvn32.dll
libapr_tsvn32.dll
intl3_tsvn32.dll
intl3_tsvn32.dll
TortoiseOverlays.dll
TortoiseOverlays.dll
ntdll.dll
ntdll.dll
AcGenral.dll
AcGenral.dll
nvd3d9wrap.dll
nvd3d9wrap.dll
%s\..\web_browser_trident_plugin.dll
%s\..\web_browser_trident_plugin.dll
web_browser_trident_plugin.dll
web_browser_trident_plugin.dll
ekernel32.dll
ekernel32.dll
\\.\pipe\crashservice.%d.%d.%d
\\.\pipe\crashservice.%d.%d.%d
AddVectoredExceptionHandler %x
AddVectoredExceptionHandler %x
SetUnhandledExceptionFilter %x
SetUnhandledExceptionFilter %x
kernelbase.dll
kernelbase.dll
start breakpad client %s
start breakpad client %s
dbghelp.dll
dbghelp.dll
rpcrt4.dll
rpcrt4.dll
%s\%s.dmp
%s\%s.dmp
x-x-x-xx-xxxxxx
x-x-x-xx-xxxxxx
1.2.201.132
1.2.201.132
Baidu.exe_3820:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
SSSSh
SSSSh
VSSSSh
VSSSSh
WSSSSh
WSSSSh
Base.dll
Base.dll
Utils.dll
Utils.dll
[libprotobuf %s %s:%d] %s
[libprotobuf %s %s:%d] %s
%d.%d.%d
%d.%d.%d
..\src\google\protobuf\stubs\common.cc
..\src\google\protobuf\stubs\common.cc
CHECK failed: value.size()
CHECK failed: value.size()
..\src\google\protobuf\wire_format_lite.cc
..\src\google\protobuf\wire_format_lite.cc
..\src\google\protobuf\message_lite.cc
..\src\google\protobuf\message_lite.cc
CHECK failed: !coded_out.HadError():
CHECK failed: !coded_out.HadError():
..\src\google\protobuf\io\coded_stream.cc
..\src\google\protobuf\io\coded_stream.cc
..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc
..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc
WS2_32.dll
WS2_32.dll
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag
unsupported version
unsupported version
..\..\..\minibaidu_basic_proj\Include\CommonInclude\Heartbeat\zeus.pb.cc
..\..\..\minibaidu_basic_proj\Include\CommonInclude\Heartbeat\zeus.pb.cc
sw.zeus.ExtendedInfo
sw.zeus.ExtendedInfo
sw.zeus.KeyVersion
sw.zeus.KeyVersion
sw.zeus.BasicInfo
sw.zeus.BasicInfo
sw.zeus.SubRequest
sw.zeus.SubRequest
sw.zeus.CCRequest
sw.zeus.CCRequest
sw.zeus.KeyValue
sw.zeus.KeyValue
sw.zeus.FileItem
sw.zeus.FileItem
sw.zeus.FileGroup
sw.zeus.FileGroup
sw.zeus.KVConfig
sw.zeus.KVConfig
sw.zeus.Action
sw.zeus.Action
sw.zeus.ActionMap
sw.zeus.ActionMap
sw.zeus.NetInfo
sw.zeus.NetInfo
sw.zeus.CCResponse
sw.zeus.CCResponse
sw.zeus.HBRequest
sw.zeus.HBRequest
sw.zeus.HBResponse
sw.zeus.HBResponse
asio.misc
asio.misc
asio.misc error
asio.misc error
BaiduShell.cpp
BaiduShell.cpp
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_stable_proj\Include\boost/exception/detail/exception_ptr.hpp
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_stable_proj\Include\boost/exception/detail/exception_ptr.hpp
BaiduShellMain.cpp
BaiduShellMain.cpp
thread.entry_event
thread.entry_event
thread.exit_event
thread.exit_event
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Include\CommonInclude\Utils/Process/IPCMessager.h
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Include\CommonInclude\Utils/Process/IPCMessager.h
CChildProcess::HandleMsg() invalid message id.
CChildProcess::HandleMsg() invalid message id.
Utils::Process::CChildProcess::HandleMsg
Utils::Process::CChildProcess::HandleMsg
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Include\CommonInclude\Utils/Process/ChildProcess.h
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Include\CommonInclude\Utils/Process/ChildProcess.h
CommonWorkerProcess.cpp
CommonWorkerProcess.cpp
CCommonWorkerProcess::HandleMsg Fail to handle %d message.
CCommonWorkerProcess::HandleMsg Fail to handle %d message.
CCommonWorkerProcess::HandleMsg
CCommonWorkerProcess::HandleMsg
CCommonWorkerProcess::GetInstance Fail to get %d instance
CCommonWorkerProcess::GetInstance Fail to get %d instance
Report %d data
Report %d data
CCommonWorkerProcess::HandleReportJob
CCommonWorkerProcess::HandleReportJob
CCommonWorkerProcess::HandleReportJob Fail to handle %d message
CCommonWorkerProcess::HandleReportJob Fail to handle %d message
GetReportMgr
GetReportMgr
ReleaseReportMgr
ReleaseReportMgr
CCommonWorkerProcess::HandleProtocolJob Fail to handle %d message
CCommonWorkerProcess::HandleProtocolJob Fail to handle %d message
DecodeMsgContent() serialization error
DecodeMsgContent() serialization error
DecodeMsgContent
DecodeMsgContent
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Include\CommonInclude\Utils/Process/IPCMessageDef.h
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Include\CommonInclude\Utils/Process/IPCMessageDef.h
EncodeMsgContent() serialization error
EncodeMsgContent() serialization error
EncodeMsgContent
EncodeMsgContent
boost thread: trying joining itself
boost thread: trying joining itself
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Include\CommonInclude\Base/AsyncTask/AsyncTask.h
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Include\CommonInclude\Base/AsyncTask/AsyncTask.h
ExternalMgrProcess.cpp
ExternalMgrProcess.cpp
c:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_safecenter\minibaidu_client_proj\source\baidushell\UpdateAction.h
c:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_safecenter\minibaidu_client_proj\source\baidushell\UpdateAction.h
HBTipsListData:%s
HBTipsListData:%s
NeedInstallNewVersion:%d
NeedInstallNewVersion:%d
c:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_safecenter\minibaidu_client_proj\source\baidushell\ConfigAction.h
c:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_safecenter\minibaidu_client_proj\source\baidushell\ConfigAction.h
key = %s, value = %s
key = %s, value = %s
MainProcess.cpp
MainProcess.cpp
PluginMgrProcess.cpp
PluginMgrProcess.cpp
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Output\BinRelease\Baidu.pdb
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Output\BinRelease\Baidu.pdb
?Is64BitWindows@CWin64Helper@Win64Helper@Base@@QAEHXZ
?Is64BitWindows@CWin64Helper@Win64Helper@Base@@QAEHXZ
?QueryKeyValue@Register@Base@@YAHPAUHKEY__@@PB_W1PA_WPAK@Z
?QueryKeyValue@Register@Base@@YAHPAUHKEY__@@PB_W1PA_WPAK@Z
?CreateRegKey@Register@Base@@YAHPB_WKPAPAUHKEY__@@PAK@Z
?CreateRegKey@Register@Base@@YAHPB_WKPAPAUHKEY__@@PAK@Z
?OpenRegKey@Register@Base@@YAHPB_WKPAPAUHKEY__@@@Z
?OpenRegKey@Register@Base@@YAHPB_WKPAPAUHKEY__@@@Z
?SetStringValue@Register@Base@@YAHPAUHKEY__@@PB_W11@Z
?SetStringValue@Register@Base@@YAHPAUHKEY__@@PB_W11@Z
??1CURL@URLMisc@Utils@@QAE@XZ
??1CURL@URLMisc@Utils@@QAE@XZ
??0CURL@URLMisc@Utils@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??0CURL@URLMisc@Utils@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?GetExeFolderNotWithSlash@ProductInfo@Utils@@YAPB_WXZ
?GetExeFolderNotWithSlash@ProductInfo@Utils@@YAPB_WXZ
?ReportInjectFailed@CDataReport1324DockWindow@BaiduReport@@QAEXH@Z
?ReportInjectFailed@CDataReport1324DockWindow@BaiduReport@@QAEXH@Z
?ReportInjectSuccess@CDataReport1324DockWindow@BaiduReport@@QAEX_J@Z
?ReportInjectSuccess@CDataReport1324DockWindow@BaiduReport@@QAEX_J@Z
?Get1324DockWindow@BaiduReport@@YA?AV?$shared_ptr@VCDataReport1324DockWindow@BaiduReport@@@boost@@XZ
?Get1324DockWindow@BaiduReport@@YA?AV?$shared_ptr@VCDataReport1324DockWindow@BaiduReport@@@boost@@XZ
BaiduReport.dll
BaiduReport.dll
MSVCP100.dll
MSVCP100.dll
MSVCR100.dll
MSVCR100.dll
_amsg_exit
_amsg_exit
_acmdln
_acmdln
_crt_debugger_hook
_crt_debugger_hook
CreateIoCompletionPort
CreateIoCompletionPort
GetProcessHeap
GetProcessHeap
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
RegCreateKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
ADVAPI32.dll
ADVAPI32.dll
ole32.dll
ole32.dll
ShellExecuteW
ShellExecuteW
ShellExecuteExW
ShellExecuteExW
SHELL32.dll
SHELL32.dll
SHLWAPI.dll
SHLWAPI.dll
WINMM.dll
WINMM.dll
Baidu.exe
Baidu.exe
.?AVKeyValue@zeus@sw@@
.?AVKeyValue@zeus@sw@@
.?AVKeyVersion@zeus@sw@@
.?AVKeyVersion@zeus@sw@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@
.?AV?$singleton_wrapper@V?$oserializer@Vbinary_oarchive@archive@boost@@USRunDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$oserializer@Vbinary_oarchive@archive@boost@@USRunDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$oserializer@Vbinary_oarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$oserializer@Vbinary_oarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$oserializer@Vbinary_oarchive@archive@boost@@USRunDone@ControlMsg@@@detail@archive@boost@@
.?AV?$oserializer@Vbinary_oarchive@archive@boost@@USRunDone@ControlMsg@@@detail@archive@boost@@
.?AV?$oserializer@Vbinary_oarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@
.?AV?$oserializer@Vbinary_oarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@
.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@
.?AUSLaunchDone@ControlMsg@@
.?AUSLaunchDone@ControlMsg@@
.?AUSRunDone@ControlMsg@@
.?AUSRunDone@ControlMsg@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USHostLoginNotification@CommonServiceMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USHostLoginNotification@CommonServiceMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USHostDoReport@CommonServiceMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USHostDoReport@CommonServiceMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USHostLoginNotification@CommonServiceMsg@@@detail@archive@boost@@
.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USHostLoginNotification@CommonServiceMsg@@@detail@archive@boost@@
.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USHostDoReport@CommonServiceMsg@@@detail@archive@boost@@
.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USHostDoReport@CommonServiceMsg@@@detail@archive@boost@@
.?AV?$bind_t@_NV?$mf1@_NVCChildProcess@Process@Utils@@ABUSIPCMsg@IPCMessager@3@@_mfi@boost@@V?$list2@V?$value@V?$shared_ptr@VCChildProcess@Process@Utils@@@boost@@@_bi@boost@@U?$arg@$00@3@@_bi@3@@_bi@boost@@
.?AV?$bind_t@_NV?$mf1@_NVCChildProcess@Process@Utils@@ABUSIPCMsg@IPCMessager@3@@_mfi@boost@@V?$list2@V?$value@V?$shared_ptr@VCChildProcess@Process@Utils@@@boost@@@_bi@boost@@U?$arg@$00@3@@_bi@3@@_bi@boost@@
.?AV?$bind_t@XV?$mf1@XVCCommonWorkerProcess@@ABUSIPCMsg@IPCMessager@Utils@@@_mfi@boost@@V?$list2@V?$value@V?$shared_ptr@VCCommonWorkerProcess@@@boost@@@_bi@boost@@V?$value@USIPCMsg@IPCMessager@Utils@@@23@@_bi@3@@_bi@boost@@
.?AV?$bind_t@XV?$mf1@XVCCommonWorkerProcess@@ABUSIPCMsg@IPCMessager@Utils@@@_mfi@boost@@V?$list2@V?$value@V?$shared_ptr@VCCommonWorkerProcess@@@boost@@@_bi@boost@@V?$value@USIPCMsg@IPCMessager@Utils@@@23@@_bi@3@@_bi@boost@@
.?AUSHostDoReport@CommonServiceMsg@@
.?AUSHostDoReport@CommonServiceMsg@@
.?AUSHostLoginNotification@CommonServiceMsg@@
.?AUSHostLoginNotification@CommonServiceMsg@@
9 9$9(9,909
9 9$9(9,909
; ;.;?;^;
; ;.;?;^;
1-131:1_1
1-131:1_1
1-161Q1X1v1}1
1-161Q1X1v1}1
5$6*6=667
5$6*6=667
7%8U8
7%8U8
1 1$1(1,1014181
1 1$1(1,1014181
3(343
3(343
--newexe
--newexe
Protocol.dll
Protocol.dll
Report.dll
Report.dll
Accout_Login
Accout_Login
Pop_Windows
Pop_Windows
Browser_ImportBookMark
Browser_ImportBookMark
BugReport
BugReport
Report
Report
[performance]1 enter CBaiduShell::Run : %u
[performance]1 enter CBaiduShell::Run : %u
-eurl:
-eurl:
bdlog.dll
bdlog.dll
BrowserCore.dll
BrowserCore.dll
BrowserUIHandler.dll
BrowserUIHandler.dll
BrowserUI.dll
BrowserUI.dll
PluginMgr.dll
PluginMgr.dll
Skins\BrowserFrame.rdb
Skins\BrowserFrame.rdb
Skins\BDSearchBar.rdb
Skins\BDSearchBar.rdb
Skins\CommonRes.rdb
Skins\CommonRes.rdb
Skins\xml.rdb
Skins\xml.rdb
LogicModel.dll
LogicModel.dll
BDMSkin.dll
BDMSkin.dll
MainUIHandler.dll
MainUIHandler.dll
MainUI.dll
MainUI.dll
--newexe 1
--newexe 1
--newexe 0
--newexe 0
A8706990-9490-4106-8033-12E64714B86B
A8706990-9490-4106-8033-12E64714B86B
\CommonWorker.dll
\CommonWorker.dll
Failed in init CommonWorker.dll instance.
Failed in init CommonWorker.dll instance.
pCCommonWorkerProcess::Run installationTask = %s
pCCommonWorkerProcess::Run installationTask = %s
CCommonWorkerProcess::Run customid = %d shmoffset = %d
CCommonWorkerProcess::Run customid = %d shmoffset = %d
CCommonWorkerProcess::HandleInstallationTask() strTaskType=%s strTaskParam=%s
CCommonWorkerProcess::HandleInstallationTask() strTaskType=%s strTaskParam=%s
BaiduClientRender.exe
BaiduClientRender.exe
BaiduUpdate.exe
BaiduUpdate.exe
BaiduBugRpt.exe
BaiduBugRpt.exe
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
uninst.exe
uninst.exe
\game.ico
\game.ico
--newexe 1 --lnkname game --open-app 1013:show
--newexe 1 --lnkname game --open-app 1013:show
\browsershowcut.ico
\browsershowcut.ico
--newexe 1 --main-frame 1
--newexe 1 --main-frame 1
RecoverRegs::ReadConfig key=%s, bResult=%d
RecoverRegs::ReadConfig key=%s, bResult=%d
RecoverRegs::WriteRegInstallArg key=%s
RecoverRegs::WriteRegInstallArg key=%s
RecoverRegs vcKey=%s, ReadConfigString=%d
RecoverRegs vcKey=%s, ReadConfigString=%d
WriteRegInstallArg vcKey=%s
WriteRegInstallArg vcKey=%s
GetRegInstallArg Start key=%s
GetRegInstallArg Start key=%s
GetRegInstallArg RegOpenKeyEx Success key=%s
GetRegInstallArg RegOpenKeyEx Success key=%s
GetRegInstallArg RegQueryValueEx Success key=%s
GetRegInstallArg RegQueryValueEx Success key=%s
WriteRegInstallArg key=%s, value=%s
WriteRegInstallArg key=%s, value=%s
RegOpenKeyEx ret=%d
RegOpenKeyEx ret=%d
WriteRegInstallArg key=%s, result=%d
WriteRegInstallArg key=%s, result=%d
WriteRegInstallArg::RegOpenKeyEx key=%s,ret=%d
WriteRegInstallArg::RegOpenKeyEx key=%s,ret=%d
HandleSCNotifyTask ItemID = %d shmoffset = %d
HandleSCNotifyTask ItemID = %d shmoffset = %d
HandleSCNotifyTask wszSrcFileName = %s
HandleSCNotifyTask wszSrcFileName = %s
HandleSCNotifyTask monitorid = %d
HandleSCNotifyTask monitorid = %d
HandleSCNotifyTask eventType = %d
HandleSCNotifyTask eventType = %d
ShellExecute result = %d
ShellExecute result = %d
sBDClientProxy.dll
sBDClientProxy.dll
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\Run
ClientRegAddValueToList result = %d
ClientRegAddValueToList result = %d
nClientRegSetValueEx result = %d
nClientRegSetValueEx result = %d
CCommonWorkerProcess::RecoveProgramLink:: Directory is exist, create baidu.link shortcut link
CCommonWorkerProcess::RecoveProgramLink:: Directory is exist, create baidu.link shortcut link
CCommonWorkerProcess::RecoveProgramLink:: Directory is exist, create uinist.link shortcut link
CCommonWorkerProcess::RecoveProgramLink:: Directory is exist, create uinist.link shortcut link
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
Baidu.exe,0
Baidu.exe,0
CCommonWorkerProcess::RecoveUnistReg Read DisplayIcon reg failed create it displayIconValue=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayIcon reg failed create it displayIconValue=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayIcon reg success DisplayIcon=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayIcon reg success DisplayIcon=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayVersion reg failed create it InstallVer=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayVersion reg failed create it InstallVer=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayVersion reg success version=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayVersion reg success version=%s
CCommonWorkerProcess::RecoveUnistReg Read UninstallString reg failed create it uinst path =%s
CCommonWorkerProcess::RecoveUnistReg Read UninstallString reg failed create it uinst path =%s
CCommonWorkerProcess::RecoveUnistReg Read UninstallString reg success uinst path =%s
CCommonWorkerProcess::RecoveUnistReg Read UninstallString reg success uinst path =%s
GetDefenseSwitch value = %s
GetDefenseSwitch value = %s
GetDefenseSwitch Read Reg failed! err = %d
GetDefenseSwitch Read Reg failed! err = %d
GetDefenseSwitch result=%d
GetDefenseSwitch result=%d
\ExternalMgr.dll
\ExternalMgr.dll
Failed in init ExternalMgr.dll instance.
Failed in init ExternalMgr.dll instance.
hermes.dll
hermes.dll
HBTipsListSize:%d
HBTipsListSize:%d
Upd.dat
Upd.dat
CheckFileHash OK %s
CheckFileHash OK %s
hCheckFileHash Md5 error !! %s
hCheckFileHash Md5 error !! %s
Cmd = %d, Action size = %d
Cmd = %d, Action size = %d
Cloud kV Config %d (Action %d), name = %s, version = %I64u, size = %d
Cloud kV Config %d (Action %d), name = %s, version = %I64u, size = %d
user32.dll
user32.dll
\LogicModel.dll
\LogicModel.dll
[performance]3 enter CMainProcess::RunUIMessageLoop : %u
[performance]3 enter CMainProcess::RunUIMessageLoop : %u
p\MainUI.dll
p\MainUI.dll
\Heartbeat.dll
\Heartbeat.dll
e[performance]2 enter CMainProcess::Run : %u
e[performance]2 enter CMainProcess::Run : %u
CBrowserProcess::Run ActiveExistAppWindow navigaet_url=%s
CBrowserProcess::Run ActiveExistAppWindow navigaet_url=%s
BDDockerX64.exe
BDDockerX64.exe
BDDocker.exe
BDDocker.exe
Start exe Failed
Start exe Failed
\PluginMgr.dll
\PluginMgr.dll
3.1.200.2978
3.1.200.2978
BaiduRenderClient.exe_2828_rwx_6CEC0000_00001000:
.text
.text
`.data
`.data
.rsrc
.rsrc
@.reloc
@.reloc
msvcrt.dll
msvcrt.dll
KERNEL32.dll
KERNEL32.dll
NTDLL.DLL
NTDLL.DLL
USER32.dll
USER32.dll
ADVAPI32.dll
ADVAPI32.dll
ole32.dll
ole32.dll
WINMM.dll
WINMM.dll
POWRPROF.dll
POWRPROF.dll
Baidu.exe_1640:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
SSSSh
SSSSh
VSSSSh
VSSSSh
WSSSSh
WSSSSh
Base.dll
Base.dll
Utils.dll
Utils.dll
[libprotobuf %s %s:%d] %s
[libprotobuf %s %s:%d] %s
%d.%d.%d
%d.%d.%d
..\src\google\protobuf\stubs\common.cc
..\src\google\protobuf\stubs\common.cc
CHECK failed: value.size()
CHECK failed: value.size()
..\src\google\protobuf\wire_format_lite.cc
..\src\google\protobuf\wire_format_lite.cc
..\src\google\protobuf\message_lite.cc
..\src\google\protobuf\message_lite.cc
CHECK failed: !coded_out.HadError():
CHECK failed: !coded_out.HadError():
..\src\google\protobuf\io\coded_stream.cc
..\src\google\protobuf\io\coded_stream.cc
..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc
..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc
WS2_32.dll
WS2_32.dll
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag
unsupported version
unsupported version
..\..\..\minibaidu_basic_proj\Include\CommonInclude\Heartbeat\zeus.pb.cc
..\..\..\minibaidu_basic_proj\Include\CommonInclude\Heartbeat\zeus.pb.cc
sw.zeus.ExtendedInfo
sw.zeus.ExtendedInfo
sw.zeus.KeyVersion
sw.zeus.KeyVersion
sw.zeus.BasicInfo
sw.zeus.BasicInfo
sw.zeus.SubRequest
sw.zeus.SubRequest
sw.zeus.CCRequest
sw.zeus.CCRequest
sw.zeus.KeyValue
sw.zeus.KeyValue
sw.zeus.FileItem
sw.zeus.FileItem
sw.zeus.FileGroup
sw.zeus.FileGroup
sw.zeus.KVConfig
sw.zeus.KVConfig
sw.zeus.Action
sw.zeus.Action
sw.zeus.ActionMap
sw.zeus.ActionMap
sw.zeus.NetInfo
sw.zeus.NetInfo
sw.zeus.CCResponse
sw.zeus.CCResponse
sw.zeus.HBRequest
sw.zeus.HBRequest
sw.zeus.HBResponse
sw.zeus.HBResponse
asio.misc
asio.misc
asio.misc error
asio.misc error
BaiduShell.cpp
BaiduShell.cpp
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_stable_proj\Include\boost/exception/detail/exception_ptr.hpp
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_stable_proj\Include\boost/exception/detail/exception_ptr.hpp
BaiduShellMain.cpp
BaiduShellMain.cpp
thread.entry_event
thread.entry_event
thread.exit_event
thread.exit_event
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Include\CommonInclude\Utils/Process/IPCMessager.h
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Include\CommonInclude\Utils/Process/IPCMessager.h
CChildProcess::HandleMsg() invalid message id.
CChildProcess::HandleMsg() invalid message id.
Utils::Process::CChildProcess::HandleMsg
Utils::Process::CChildProcess::HandleMsg
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Include\CommonInclude\Utils/Process/ChildProcess.h
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Include\CommonInclude\Utils/Process/ChildProcess.h
CommonWorkerProcess.cpp
CommonWorkerProcess.cpp
CCommonWorkerProcess::HandleMsg Fail to handle %d message.
CCommonWorkerProcess::HandleMsg Fail to handle %d message.
CCommonWorkerProcess::HandleMsg
CCommonWorkerProcess::HandleMsg
CCommonWorkerProcess::GetInstance Fail to get %d instance
CCommonWorkerProcess::GetInstance Fail to get %d instance
Report %d data
Report %d data
CCommonWorkerProcess::HandleReportJob
CCommonWorkerProcess::HandleReportJob
CCommonWorkerProcess::HandleReportJob Fail to handle %d message
CCommonWorkerProcess::HandleReportJob Fail to handle %d message
GetReportMgr
GetReportMgr
ReleaseReportMgr
ReleaseReportMgr
CCommonWorkerProcess::HandleProtocolJob Fail to handle %d message
CCommonWorkerProcess::HandleProtocolJob Fail to handle %d message
DecodeMsgContent() serialization error
DecodeMsgContent() serialization error
DecodeMsgContent
DecodeMsgContent
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Include\CommonInclude\Utils/Process/IPCMessageDef.h
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Include\CommonInclude\Utils/Process/IPCMessageDef.h
EncodeMsgContent() serialization error
EncodeMsgContent() serialization error
EncodeMsgContent
EncodeMsgContent
boost thread: trying joining itself
boost thread: trying joining itself
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Include\CommonInclude\Base/AsyncTask/AsyncTask.h
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Include\CommonInclude\Base/AsyncTask/AsyncTask.h
ExternalMgrProcess.cpp
ExternalMgrProcess.cpp
c:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_safecenter\minibaidu_client_proj\source\baidushell\UpdateAction.h
c:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_safecenter\minibaidu_client_proj\source\baidushell\UpdateAction.h
HBTipsListData:%s
HBTipsListData:%s
NeedInstallNewVersion:%d
NeedInstallNewVersion:%d
c:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_safecenter\minibaidu_client_proj\source\baidushell\ConfigAction.h
c:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_safecenter\minibaidu_client_proj\source\baidushell\ConfigAction.h
key = %s, value = %s
key = %s, value = %s
MainProcess.cpp
MainProcess.cpp
PluginMgrProcess.cpp
PluginMgrProcess.cpp
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Output\BinRelease\Baidu.pdb
C:\jenkins\workspace\minibaidu_tag_20161107_3.1.200_SafeCenter\minibaidu_basic_proj\Output\BinRelease\Baidu.pdb
?Is64BitWindows@CWin64Helper@Win64Helper@Base@@QAEHXZ
?Is64BitWindows@CWin64Helper@Win64Helper@Base@@QAEHXZ
?QueryKeyValue@Register@Base@@YAHPAUHKEY__@@PB_W1PA_WPAK@Z
?QueryKeyValue@Register@Base@@YAHPAUHKEY__@@PB_W1PA_WPAK@Z
?CreateRegKey@Register@Base@@YAHPB_WKPAPAUHKEY__@@PAK@Z
?CreateRegKey@Register@Base@@YAHPB_WKPAPAUHKEY__@@PAK@Z
?OpenRegKey@Register@Base@@YAHPB_WKPAPAUHKEY__@@@Z
?OpenRegKey@Register@Base@@YAHPB_WKPAPAUHKEY__@@@Z
?SetStringValue@Register@Base@@YAHPAUHKEY__@@PB_W11@Z
?SetStringValue@Register@Base@@YAHPAUHKEY__@@PB_W11@Z
??1CURL@URLMisc@Utils@@QAE@XZ
??1CURL@URLMisc@Utils@@QAE@XZ
??0CURL@URLMisc@Utils@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??0CURL@URLMisc@Utils@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?GetExeFolderNotWithSlash@ProductInfo@Utils@@YAPB_WXZ
?GetExeFolderNotWithSlash@ProductInfo@Utils@@YAPB_WXZ
?ReportInjectFailed@CDataReport1324DockWindow@BaiduReport@@QAEXH@Z
?ReportInjectFailed@CDataReport1324DockWindow@BaiduReport@@QAEXH@Z
?ReportInjectSuccess@CDataReport1324DockWindow@BaiduReport@@QAEX_J@Z
?ReportInjectSuccess@CDataReport1324DockWindow@BaiduReport@@QAEX_J@Z
?Get1324DockWindow@BaiduReport@@YA?AV?$shared_ptr@VCDataReport1324DockWindow@BaiduReport@@@boost@@XZ
?Get1324DockWindow@BaiduReport@@YA?AV?$shared_ptr@VCDataReport1324DockWindow@BaiduReport@@@boost@@XZ
BaiduReport.dll
BaiduReport.dll
MSVCP100.dll
MSVCP100.dll
MSVCR100.dll
MSVCR100.dll
_amsg_exit
_amsg_exit
_acmdln
_acmdln
_crt_debugger_hook
_crt_debugger_hook
CreateIoCompletionPort
CreateIoCompletionPort
GetProcessHeap
GetProcessHeap
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
RegCreateKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
ADVAPI32.dll
ADVAPI32.dll
ole32.dll
ole32.dll
ShellExecuteW
ShellExecuteW
ShellExecuteExW
ShellExecuteExW
SHELL32.dll
SHELL32.dll
SHLWAPI.dll
SHLWAPI.dll
WINMM.dll
WINMM.dll
Baidu.exe
Baidu.exe
.?AVKeyValue@zeus@sw@@
.?AVKeyValue@zeus@sw@@
.?AVKeyVersion@zeus@sw@@
.?AVKeyVersion@zeus@sw@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@
.?AV?$singleton_wrapper@V?$oserializer@Vbinary_oarchive@archive@boost@@USRunDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$oserializer@Vbinary_oarchive@archive@boost@@USRunDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$oserializer@Vbinary_oarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$oserializer@Vbinary_oarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$oserializer@Vbinary_oarchive@archive@boost@@USRunDone@ControlMsg@@@detail@archive@boost@@
.?AV?$oserializer@Vbinary_oarchive@archive@boost@@USRunDone@ControlMsg@@@detail@archive@boost@@
.?AV?$oserializer@Vbinary_oarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@
.?AV?$oserializer@Vbinary_oarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@
.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@
.?AUSLaunchDone@ControlMsg@@
.?AUSLaunchDone@ControlMsg@@
.?AUSRunDone@ControlMsg@@
.?AUSRunDone@ControlMsg@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USHostLoginNotification@CommonServiceMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USHostLoginNotification@CommonServiceMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USHostDoReport@CommonServiceMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USHostDoReport@CommonServiceMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USHostLoginNotification@CommonServiceMsg@@@detail@archive@boost@@
.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USHostLoginNotification@CommonServiceMsg@@@detail@archive@boost@@
.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USHostDoReport@CommonServiceMsg@@@detail@archive@boost@@
.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USHostDoReport@CommonServiceMsg@@@detail@archive@boost@@
.?AV?$bind_t@_NV?$mf1@_NVCChildProcess@Process@Utils@@ABUSIPCMsg@IPCMessager@3@@_mfi@boost@@V?$list2@V?$value@V?$shared_ptr@VCChildProcess@Process@Utils@@@boost@@@_bi@boost@@U?$arg@$00@3@@_bi@3@@_bi@boost@@
.?AV?$bind_t@_NV?$mf1@_NVCChildProcess@Process@Utils@@ABUSIPCMsg@IPCMessager@3@@_mfi@boost@@V?$list2@V?$value@V?$shared_ptr@VCChildProcess@Process@Utils@@@boost@@@_bi@boost@@U?$arg@$00@3@@_bi@3@@_bi@boost@@
.?AV?$bind_t@XV?$mf1@XVCCommonWorkerProcess@@ABUSIPCMsg@IPCMessager@Utils@@@_mfi@boost@@V?$list2@V?$value@V?$shared_ptr@VCCommonWorkerProcess@@@boost@@@_bi@boost@@V?$value@USIPCMsg@IPCMessager@Utils@@@23@@_bi@3@@_bi@boost@@
.?AV?$bind_t@XV?$mf1@XVCCommonWorkerProcess@@ABUSIPCMsg@IPCMessager@Utils@@@_mfi@boost@@V?$list2@V?$value@V?$shared_ptr@VCCommonWorkerProcess@@@boost@@@_bi@boost@@V?$value@USIPCMsg@IPCMessager@Utils@@@23@@_bi@3@@_bi@boost@@
.?AUSHostDoReport@CommonServiceMsg@@
.?AUSHostDoReport@CommonServiceMsg@@
.?AUSHostLoginNotification@CommonServiceMsg@@
.?AUSHostLoginNotification@CommonServiceMsg@@
9 9$9(9,909
9 9$9(9,909
; ;.;?;^;
; ;.;?;^;
1-131:1_1
1-131:1_1
1-161Q1X1v1}1
1-161Q1X1v1}1
5$6*6=667
5$6*6=667
7%8U8
7%8U8
1 1$1(1,1014181
1 1$1(1,1014181
3(343
3(343
--newexe
--newexe
Protocol.dll
Protocol.dll
Report.dll
Report.dll
Accout_Login
Accout_Login
Pop_Windows
Pop_Windows
Browser_ImportBookMark
Browser_ImportBookMark
BugReport
BugReport
Report
Report
[performance]1 enter CBaiduShell::Run : %u
[performance]1 enter CBaiduShell::Run : %u
-eurl:
-eurl:
bdlog.dll
bdlog.dll
BrowserCore.dll
BrowserCore.dll
BrowserUIHandler.dll
BrowserUIHandler.dll
BrowserUI.dll
BrowserUI.dll
PluginMgr.dll
PluginMgr.dll
Skins\BrowserFrame.rdb
Skins\BrowserFrame.rdb
Skins\BDSearchBar.rdb
Skins\BDSearchBar.rdb
Skins\CommonRes.rdb
Skins\CommonRes.rdb
Skins\xml.rdb
Skins\xml.rdb
LogicModel.dll
LogicModel.dll
BDMSkin.dll
BDMSkin.dll
MainUIHandler.dll
MainUIHandler.dll
MainUI.dll
MainUI.dll
--newexe 1
--newexe 1
--newexe 0
--newexe 0
A8706990-9490-4106-8033-12E64714B86B
A8706990-9490-4106-8033-12E64714B86B
\CommonWorker.dll
\CommonWorker.dll
Failed in init CommonWorker.dll instance.
Failed in init CommonWorker.dll instance.
pCCommonWorkerProcess::Run installationTask = %s
pCCommonWorkerProcess::Run installationTask = %s
CCommonWorkerProcess::Run customid = %d shmoffset = %d
CCommonWorkerProcess::Run customid = %d shmoffset = %d
CCommonWorkerProcess::HandleInstallationTask() strTaskType=%s strTaskParam=%s
CCommonWorkerProcess::HandleInstallationTask() strTaskType=%s strTaskParam=%s
BaiduClientRender.exe
BaiduClientRender.exe
BaiduUpdate.exe
BaiduUpdate.exe
BaiduBugRpt.exe
BaiduBugRpt.exe
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
uninst.exe
uninst.exe
\game.ico
\game.ico
--newexe 1 --lnkname game --open-app 1013:show
--newexe 1 --lnkname game --open-app 1013:show
\browsershowcut.ico
\browsershowcut.ico
--newexe 1 --main-frame 1
--newexe 1 --main-frame 1
RecoverRegs::ReadConfig key=%s, bResult=%d
RecoverRegs::ReadConfig key=%s, bResult=%d
RecoverRegs::WriteRegInstallArg key=%s
RecoverRegs::WriteRegInstallArg key=%s
RecoverRegs vcKey=%s, ReadConfigString=%d
RecoverRegs vcKey=%s, ReadConfigString=%d
WriteRegInstallArg vcKey=%s
WriteRegInstallArg vcKey=%s
GetRegInstallArg Start key=%s
GetRegInstallArg Start key=%s
GetRegInstallArg RegOpenKeyEx Success key=%s
GetRegInstallArg RegOpenKeyEx Success key=%s
GetRegInstallArg RegQueryValueEx Success key=%s
GetRegInstallArg RegQueryValueEx Success key=%s
WriteRegInstallArg key=%s, value=%s
WriteRegInstallArg key=%s, value=%s
RegOpenKeyEx ret=%d
RegOpenKeyEx ret=%d
WriteRegInstallArg key=%s, result=%d
WriteRegInstallArg key=%s, result=%d
WriteRegInstallArg::RegOpenKeyEx key=%s,ret=%d
WriteRegInstallArg::RegOpenKeyEx key=%s,ret=%d
HandleSCNotifyTask ItemID = %d shmoffset = %d
HandleSCNotifyTask ItemID = %d shmoffset = %d
HandleSCNotifyTask wszSrcFileName = %s
HandleSCNotifyTask wszSrcFileName = %s
HandleSCNotifyTask monitorid = %d
HandleSCNotifyTask monitorid = %d
HandleSCNotifyTask eventType = %d
HandleSCNotifyTask eventType = %d
ShellExecute result = %d
ShellExecute result = %d
sBDClientProxy.dll
sBDClientProxy.dll
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\Run
ClientRegAddValueToList result = %d
ClientRegAddValueToList result = %d
nClientRegSetValueEx result = %d
nClientRegSetValueEx result = %d
CCommonWorkerProcess::RecoveProgramLink:: Directory is exist, create baidu.link shortcut link
CCommonWorkerProcess::RecoveProgramLink:: Directory is exist, create baidu.link shortcut link
CCommonWorkerProcess::RecoveProgramLink:: Directory is exist, create uinist.link shortcut link
CCommonWorkerProcess::RecoveProgramLink:: Directory is exist, create uinist.link shortcut link
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
Baidu.exe,0
Baidu.exe,0
CCommonWorkerProcess::RecoveUnistReg Read DisplayIcon reg failed create it displayIconValue=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayIcon reg failed create it displayIconValue=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayIcon reg success DisplayIcon=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayIcon reg success DisplayIcon=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayVersion reg failed create it InstallVer=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayVersion reg failed create it InstallVer=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayVersion reg success version=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayVersion reg success version=%s
CCommonWorkerProcess::RecoveUnistReg Read UninstallString reg failed create it uinst path =%s
CCommonWorkerProcess::RecoveUnistReg Read UninstallString reg failed create it uinst path =%s
CCommonWorkerProcess::RecoveUnistReg Read UninstallString reg success uinst path =%s
CCommonWorkerProcess::RecoveUnistReg Read UninstallString reg success uinst path =%s
GetDefenseSwitch value = %s
GetDefenseSwitch value = %s
GetDefenseSwitch Read Reg failed! err = %d
GetDefenseSwitch Read Reg failed! err = %d
GetDefenseSwitch result=%d
GetDefenseSwitch result=%d
\ExternalMgr.dll
\ExternalMgr.dll
Failed in init ExternalMgr.dll instance.
Failed in init ExternalMgr.dll instance.
hermes.dll
hermes.dll
HBTipsListSize:%d
HBTipsListSize:%d
Upd.dat
Upd.dat
CheckFileHash OK %s
CheckFileHash OK %s
hCheckFileHash Md5 error !! %s
hCheckFileHash Md5 error !! %s
Cmd = %d, Action size = %d
Cmd = %d, Action size = %d
Cloud kV Config %d (Action %d), name = %s, version = %I64u, size = %d
Cloud kV Config %d (Action %d), name = %s, version = %I64u, size = %d
user32.dll
user32.dll
\LogicModel.dll
\LogicModel.dll
[performance]3 enter CMainProcess::RunUIMessageLoop : %u
[performance]3 enter CMainProcess::RunUIMessageLoop : %u
p\MainUI.dll
p\MainUI.dll
\Heartbeat.dll
\Heartbeat.dll
e[performance]2 enter CMainProcess::Run : %u
e[performance]2 enter CMainProcess::Run : %u
CBrowserProcess::Run ActiveExistAppWindow navigaet_url=%s
CBrowserProcess::Run ActiveExistAppWindow navigaet_url=%s
BDDockerX64.exe
BDDockerX64.exe
BDDocker.exe
BDDocker.exe
Start exe Failed
Start exe Failed
\PluginMgr.dll
\PluginMgr.dll
3.1.200.2978
3.1.200.2978
brp.exe_2276:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
jwj.SWj
jwj.SWj
PSSh019
PSSh019
PSSSSSSh
PSSSSSSh
PSSh,S9
PSSh,S9
RSSh
RSSh
j.Zf;
j.Zf;
xSSSh
xSSSh
FTPjKS
FTPjKS
FtPj;S
FtPj;S
C.PjRV
C.PjRV
DEwY$Ew.AEw
DEwY$Ew.AEw
kCv.SCv%
kCv.SCv%
{984F2052-5475-4CD7-887A-726BFFCF1798}
{984F2052-5475-4CD7-887A-726BFFCF1798}
..\Utils\Config\Config.cpp
..\Utils\Config\Config.cpp
-_.!~*'()
-_.!~*'()
..\Utils\Config\CompoundDoc\CompoundDoc.cpp
..\Utils\Config\CompoundDoc\CompoundDoc.cpp
255.255.168.192
255.255.168.192
0.0.168.192
0.0.168.192
255.255.31.172
255.255.31.172
0.0.16.172
0.0.16.172
255.255.255.10
255.255.255.10
0.0.0.10
0.0.0.10
255.255.255.255
255.255.255.255
[libprotobuf %s %s:%d] %s
[libprotobuf %s %s:%d] %s
%d.%d.%d
%d.%d.%d
..\src\google\protobuf\stubs\common.cc
..\src\google\protobuf\stubs\common.cc
CHECK failed: value.size()
CHECK failed: value.size()
..\src\google\protobuf\wire_format_lite.cc
..\src\google\protobuf\wire_format_lite.cc
..\src\google\protobuf\message_lite.cc
..\src\google\protobuf\message_lite.cc
CHECK failed: !coded_out.HadError():
CHECK failed: !coded_out.HadError():
..\src\google\protobuf\io\coded_stream.cc
..\src\google\protobuf\io\coded_stream.cc
..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc
..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc
Visual C CRT: Not enough memory to complete call to strerror.
Visual C CRT: Not enough memory to complete call to strerror.
portuguese-brazilian
portuguese-brazilian
Broken pipe
Broken pipe
Inappropriate I/O control operation
Inappropriate I/O control operation
Operation not permitted
Operation not permitted
GetProcessWindowStation
GetProcessWindowStation
operator
operator
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag
inflate 1.2.5 Copyright 1995-2010 Mark Adler
inflate 1.2.5 Copyright 1995-2010 Mark Adler
deflate 1.2.5 Copyright 1995-2010 Jean-loup Gailly and Mark Adler
deflate 1.2.5 Copyright 1995-2010 Jean-loup Gailly and Mark Adler
1.2.5
1.2.5
zip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll
zip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll
- unzip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll
- unzip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll
..\..\Include\BaiduRepair\ReportInfo.pb.cc
..\..\Include\BaiduRepair\ReportInfo.pb.cc
BaiduRepair.ReportInfo
BaiduRepair.ReportInfo
BrpCloudData.cpp
BrpCloudData.cpp
hXXp://up.mb.baidu.com
hXXp://up.mb.baidu.com
BaiduRepair::CBrpReport::ReportNoRepair
BaiduRepair::CBrpReport::ReportNoRepair
BrpReport.cpp
BrpReport.cpp
BaiduRepair::CBrpReport::ReportRepairFailed
BaiduRepair::CBrpReport::ReportRepairFailed
BaiduRepair::CBrpReport::ReportRepairSuccess
BaiduRepair::CBrpReport::ReportRepairSuccess
BaiduRepair::CBrpReport::ReportNoPullUpCloudData
BaiduRepair::CBrpReport::ReportNoPullUpCloudData
BaiduRepair::CBrpReport::ReportPullUpCloudDataFailed
BaiduRepair::CBrpReport::ReportPullUpCloudDataFailed
BaiduRepair::CBrpReport::ReportPullUpCloudDataSuccess
BaiduRepair::CBrpReport::ReportPullUpCloudDataSuccess
main.cpp
main.cpp
RepairWorker.cpp
RepairWorker.cpp
Utils\PbFileOperation.cpp
Utils\PbFileOperation.cpp
Fzeus.pb.cc
Fzeus.pb.cc
sw.zeus.ExtendedInfo
sw.zeus.ExtendedInfo
sw.zeus.KeyVersion
sw.zeus.KeyVersion
sw.zeus.BasicInfo
sw.zeus.BasicInfo
sw.zeus.SubRequest
sw.zeus.SubRequest
sw.zeus.CCRequest
sw.zeus.CCRequest
sw.zeus.KeyValue
sw.zeus.KeyValue
sw.zeus.FileItem
sw.zeus.FileItem
sw.zeus.FileGroup
sw.zeus.FileGroup
sw.zeus.KVConfig
sw.zeus.KVConfig
sw.zeus.Action
sw.zeus.Action
sw.zeus.ActionMap
sw.zeus.ActionMap
sw.zeus.NetInfo
sw.zeus.NetInfo
sw.zeus.CCResponse
sw.zeus.CCResponse
sw.zeus.HBRequest
sw.zeus.HBRequest
sw.zeus.HBResponse
sw.zeus.HBResponse
D:\project\reconstruct_branch\minibaidu_stable_proj\Include\boost/exception/detail/exception_ptr.hpp
D:\project\reconstruct_branch\minibaidu_stable_proj\Include\boost/exception/detail/exception_ptr.hpp
asio.misc
asio.misc
asio.misc error
asio.misc error
SetCrypt service_id=%d url=%s
SetCrypt service_id=%d url=%s
InitProductParam ver=%s soft_id=%d supply_id=%d
InitProductParam ver=%s soft_id=%d supply_id=%d
\NetService.ini
\NetService.ini
ServiceUrl.%d
ServiceUrl.%d
D:\project\reconstruct_branch\minibaidu_stable_proj\Include\boost/property_tree/ini_parser.hpp
D:\project\reconstruct_branch\minibaidu_stable_proj\Include\boost/property_tree/ini_parser.hpp
key expected
key expected
duplicate key name
duplicate key name
D:\project\reconstruct_branch\minibaidu_stable_proj\Include\boost/property_tree/string_path.hpp
D:\project\reconstruct_branch\minibaidu_stable_proj\Include\boost/property_tree/string_path.hpp
thread.entry_event
thread.entry_event
thread.exit_event
thread.exit_event
..\Protocol\src\Protocol\RpcClient.cpp
..\Protocol\src\Protocol\RpcClient.cpp
..\Protocol\src\Protocol\AuroraProtocol.cpp
..\Protocol\src\Protocol\AuroraProtocol.cpp
1234567890111111
1234567890111111
bena::protocol::ProtobufPack::UpdateSoftParam
bena::protocol::ProtobufPack::UpdateSoftParam
boost thread: trying joining itself
boost thread: trying joining itself
Unsupported Media Type
Unsupported Media Type
HTTP Version not supported
HTTP Version not supported
HTTP/1.0
HTTP/1.0
HTTP/1.1
HTTP/1.1
127.0.0.1
127.0.0.1
bena::http::client::do_async_request
bena::http::client::do_async_request
D:\project\reconstruct_branch\minibaidu_common_proj\Source\Protocol\bena/http/client.h
D:\project\reconstruct_branch\minibaidu_common_proj\Source\Protocol\bena/http/client.h
bena::http::client::~client
bena::http::client::~client
..\Protocol\src\http\client.cpp
..\Protocol\src\http\client.cpp
bena::http::client::close_for_destruct
bena::http::client::close_for_destruct
bena::http::client::close
bena::http::client::close
bena::http::client::async_connect_coro
bena::http::client::async_connect_coro
async_connect_coro connect error !! error: %s
async_connect_coro connect error !! error: %s
bena::http::client::async_request_coro
bena::http::client::async_request_coro
bena::http::client::hanle_timeout
bena::http::client::hanle_timeout
error_happened error: %s
error_happened error: %s
bena::http::client::error_happened
bena::http::client::error_happened
..\Protocol\bena\Protocol\proto\header.pb.cc
..\Protocol\bena\Protocol\proto\header.pb.cc
https
https
ftpes
ftpes
ftps
ftps
tftp
tftp
% ;?:@=&,$/-_!.~*()
% ;?:@=&,$/-_!.~*()
..\Report\ReportMgr.cpp
..\Report\ReportMgr.cpp
Report::CReportData::PackToProtoDataItem
Report::CReportData::PackToProtoDataItem
val(%s):
val(%s):
Report::CReportData::PackReportData
Report::CReportData::PackReportData
DataReport --- Server Disable Report !!
DataReport --- Server Disable Report !!
DataReport --- ReportID %u Banned !!
DataReport --- ReportID %u Banned !!
DataReport --- AsyncReport : Not Allowed !!
DataReport --- AsyncReport : Not Allowed !!
DataReport --- AsyncReport : AddPacketToQueue cmdid=%u length=%u
DataReport --- AsyncReport : AddPacketToQueue cmdid=%u length=%u
DataReport --- AsyncReport : End
DataReport --- AsyncReport : End
DataReport --- SyncReport : Not Allowed !!
DataReport --- SyncReport : Not Allowed !!
DataReport --- SyncReport : begin
DataReport --- SyncReport : begin
DataReport --- SyncReport : CreateEvent
DataReport --- SyncReport : CreateEvent
DataReport --- SyncReport : AddPacketToQueue cmdid=%u length=%u
DataReport --- SyncReport : AddPacketToQueue cmdid=%u length=%u
DataReport --- SyncReport : WaitForSingleObject wait=%u
DataReport --- SyncReport : WaitForSingleObject wait=%u
DataReport --- SyncReport : WaitForSingleObject result=%d
DataReport --- SyncReport : WaitForSingleObject result=%d
DataReport --- SyncReport : End
DataReport --- SyncReport : End
..\Report\msg.pb.cc
..\Report\msg.pb.cc
datapkg.FieldsList
datapkg.FieldsList
datapkg.DataType
datapkg.DataType
datapkg.ResPonse
datapkg.ResPonse
DataReport::AddPacketToQueue
DataReport::AddPacketToQueue
DataReport::AddPacketToQueue %u records
DataReport::AddPacketToQueue %u records
Report::TransportMgr::TransportMgr
Report::TransportMgr::TransportMgr
..\Report\TransportMgr.cpp
..\Report\TransportMgr.cpp
DataReport::StopTransportThread 1, uiWaitTime=%u
DataReport::StopTransportThread 1, uiWaitTime=%u
DataReport::StopTransportThread 2
DataReport::StopTransportThread 2
TransportMgr::OnResponse errorcode = %d
TransportMgr::OnResponse errorcode = %d
Report::TransportMgr::LoadPacketData
Report::TransportMgr::LoadPacketData
DataReport::LoadPacketData Change file success, new filesize = %u
DataReport::LoadPacketData Change file success, new filesize = %u
DataReport::LoadPacketData Change file failed! Clear file
DataReport::LoadPacketData Change file failed! Clear file
DataReport::LoadPacketData Clear file
DataReport::LoadPacketData Clear file
DataReport::SaveAndErasePacket cache file is full!
DataReport::SaveAndErasePacket cache file is full!
DataReport::SaveAndErasePacket save %d records
DataReport::SaveAndErasePacket save %d records
DataReport::SaveAndEraseQueuePacket save %d records
DataReport::SaveAndEraseQueuePacket save %d records
DataReport::start!
DataReport::start!
DataReport::TransportPacket success
DataReport::TransportPacket success
DataReport::TransportPacket failed[%d], buffer is full, try save [%u] records to file!
DataReport::TransportPacket failed[%d], buffer is full, try save [%u] records to file!
DataReport::TransportPacket failed[%d], save it to buffer! buffer size = %u
DataReport::TransportPacket failed[%d], save it to buffer! buffer size = %u
DataReport::TransportPacket failed becouse of server error, we abandon it!
DataReport::TransportPacket failed becouse of server error, we abandon it!
DataReport::TransportPacket Deal Cache !!
DataReport::TransportPacket Deal Cache !!
DataReport::TransportPacket DealCacheLimit=%u LastCacheNum=%u NewCacheNum=%u
DataReport::TransportPacket DealCacheLimit=%u LastCacheNum=%u NewCacheNum=%u
DataReport::TransportPacket Decrease Limit !! DealCacheLimit=%u
DataReport::TransportPacket Decrease Limit !! DealCacheLimit=%u
DataReport::TransportPacket Increase Limit !! DealCacheLimit=%u
DataReport::TransportPacket Increase Limit !! DealCacheLimit=%u
DataReport::TransportPacket buffer size = %u
DataReport::TransportPacket buffer size = %u
DataReport::TransportPacket Load [%u] buffer Packet to Queue!
DataReport::TransportPacket Load [%u] buffer Packet to Queue!
DataReport::stop!
DataReport::stop!
DataReport::TransportPacket Begin!
DataReport::TransportPacket Begin!
DataReport::TransportPacket SendPacket error = %d tryCount = %d
DataReport::TransportPacket SendPacket error = %d tryCount = %d
DataReport::SendPacket Error: %d, Wait %u seconds, then try again
DataReport::SendPacket Error: %d, Wait %u seconds, then try again
DataReport::SendPacket Error: %d, MAX_TRY_COUNT return
DataReport::SendPacket Error: %d, MAX_TRY_COUNT return
DataReport::SendPacket Connect error: lost %u ms, sleep 10 s!
DataReport::SendPacket Connect error: lost %u ms, sleep 10 s!
DataReport::SendPacket success: use %u ms!
DataReport::SendPacket success: use %u ms!
DataReport::SendPacket Get Svr Response: use %u ms! errcode = %u
DataReport::SendPacket Get Svr Response: use %u ms! errcode = %u
HandleResponse Static response cnt = %d MsgType = %d errorCode = %d
HandleResponse Static response cnt = %d MsgType = %d errorCode = %d
..\Report\ReportNetComm.cpp
..\Report\ReportNetComm.cpp
Report::CReportNetComm::CReportNetComm
Report::CReportNetComm::CReportNetComm
hXXp://dr.mb.baidu.com
hXXp://dr.mb.baidu.com
CBDMReportNetComm::RpcRequestData CmdID=%u Length=%u
CBDMReportNetComm::RpcRequestData CmdID=%u Length=%u
CBDMReportNetComm::RpcRequestData Fail !!
CBDMReportNetComm::RpcRequestData Fail !!
\\.\PhysicalDrive%d
\\.\PhysicalDrive%d
XXX
XXX
\\.\%c:
\\.\%c:
System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
%s\Connection
%s\Connection
D:\project\reconstruct_branch\minibaidu_basic_proj\Output\BinRelease\brp.pdb
D:\project\reconstruct_branch\minibaidu_basic_proj\Output\BinRelease\brp.pdb
SHLWAPI.dll
SHLWAPI.dll
InternetCrackUrlW
InternetCrackUrlW
WININET.dll
WININET.dll
WS2_32.dll
WS2_32.dll
PSAPI.DLL
PSAPI.DLL
GetProcessHeap
GetProcessHeap
GetCPInfo
GetCPInfo
CreateIoCompletionPort
CreateIoCompletionPort
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
RegOpenKeyW
RegOpenKeyW
RegEnumKeyW
RegEnumKeyW
ADVAPI32.dll
ADVAPI32.dll
ShellExecuteW
ShellExecuteW
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
VERSION.dll
VERSION.dll
SETUPAPI.dll
SETUPAPI.dll
IPHLPAPI.DLL
IPHLPAPI.DLL
WINMM.dll
WINMM.dll
PeekNamedPipe
PeekNamedPipe
GetSystemWindowsDirectoryW
GetSystemWindowsDirectoryW
RegCreateKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteKeyW
RegOpenKeyExA
RegOpenKeyExA
NETAPI32.dll
NETAPI32.dll
.?AV?$CRefObject@UIUrlParts@URLMisc@Utils@@@@
.?AV?$CRefObject@UIUrlParts@URLMisc@Utils@@@@
.?AUIUrlParts@URLMisc@Utils@@
.?AUIUrlParts@URLMisc@Utils@@
.?AVCUrlParts@@
.?AVCUrlParts@@
.?AVCURL@URLMisc@Utils@@
.?AVCURL@URLMisc@Utils@@
.?AV?$EnableIntrusive@VCURL@URLMisc@Utils@@@@
.?AV?$EnableIntrusive@VCURL@URLMisc@Utils@@@@
zcÃ
zcÃ
.?AVReportInfo@BaiduRepair@@
.?AVReportInfo@BaiduRepair@@
*.yUW
*.yUW
.?AVKeyValue@zeus@sw@@
.?AVKeyValue@zeus@sw@@
.?AVKeyVersion@zeus@sw@@
.?AVKeyVersion@zeus@sw@@
.?AV?$enable_shared_from_this@Vclient@http@bena@@@boost@@
.?AV?$enable_shared_from_this@Vclient@http@bena@@@boost@@
.?AVclient@http@bena@@
.?AVclient@http@bena@@
.?AVrequest@http@bena@@
.?AVrequest@http@bena@@
.?AVheader@http@bena@@
.?AVheader@http@bena@@
.?AV?$bind_t@XV?$mf5@XVRpcClient@protocol@bena@@ABVresponse@http@3@Vconst_buffer@asio@boost@@IVerror_code@system@8@H@_mfi@boost@@V?$list6@V?$value@V?$shared_ptr@VRpcClient@protocol@bena@@@boost@@@_bi@boost@@U?$arg@$00@3@U?$arg@$01@3@U?$arg@$02@3@U?$arg@$03@3@V?$value@H@23@@_bi@3@@_bi@boost@@
.?AV?$bind_t@XV?$mf5@XVRpcClient@protocol@bena@@ABVresponse@http@3@Vconst_buffer@asio@boost@@IVerror_code@system@8@H@_mfi@boost@@V?$list6@V?$value@V?$shared_ptr@VRpcClient@protocol@bena@@@boost@@@_bi@boost@@U?$arg@$00@3@U?$arg@$01@3@U?$arg@$02@3@U?$arg@$03@3@V?$value@H@23@@_bi@3@@_bi@boost@@
.?AV?$_Ref_count@V?$vector@V?$basic_resolver_entry@Vtcp@ip@asio@boost@@@ip@asio@boost@@V?$allocator@V?$basic_resolver_entry@Vtcp@ip@asio@boost@@@ip@asio@boost@@@std@@@std@@@tr1@std@@
.?AV?$_Ref_count@V?$vector@V?$basic_resolver_entry@Vtcp@ip@asio@boost@@@ip@asio@boost@@V?$allocator@V?$basic_resolver_entry@Vtcp@ip@asio@boost@@@ip@asio@boost@@@std@@@std@@@tr1@std@@
.?AV?$service_base@V?$resolver_service@Vtcp@ip@asio@boost@@@ip@asio@boost@@@detail@asio@boost@@
.?AV?$service_base@V?$resolver_service@Vtcp@ip@asio@boost@@@ip@asio@boost@@@detail@asio@boost@@
.?AV?$resolver_service@Vtcp@ip@asio@boost@@@ip@asio@boost@@
.?AV?$resolver_service@Vtcp@ip@asio@boost@@@ip@asio@boost@@
.?AV?$service_base@V?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@@detail@asio@boost@@
.?AV?$service_base@V?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@@detail@asio@boost@@
.?AV?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@
.?AV?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@
.?AV?$typeid_wrapper@V?$resolver_service@Vtcp@ip@asio@boost@@@ip@asio@boost@@@detail@asio@boost@@
.?AV?$typeid_wrapper@V?$resolver_service@Vtcp@ip@asio@boost@@@ip@asio@boost@@@detail@asio@boost@@
.?AV?$typeid_wrapper@V?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@@detail@asio@boost@@
.?AV?$typeid_wrapper@V?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@@detail@asio@boost@@
.?AVresponse@http@bena@@
.?AVresponse@http@bena@@
.?AV?$Singleton@VCReportMgr@Report@@$00@@
.?AV?$Singleton@VCReportMgr@Report@@$00@@
.?AVCReportMgr@Report@@
.?AVCReportMgr@Report@@
.?AVCReportData@Report@@
.?AVCReportData@Report@@
.?AVIReportMgr@Report@@
.?AVIReportMgr@Report@@
.?AVIReportData@Report@@
.?AVIReportData@Report@@
.?AV?$sp_counted_impl_p@VTransportMgr@Report@@@detail@boost@@
.?AV?$sp_counted_impl_p@VTransportMgr@Report@@@detail@boost@@
.?AV?$sp_counted_impl_p@VCReportEvent@Report@@@detail@boost@@
.?AV?$sp_counted_impl_p@VCReportEvent@Report@@@detail@boost@@
.?AVCReportClient@Report@@
.?AVCReportClient@Report@@
.?AV?$Thread@U?$BindMember0@VTransportMgr@Report@@P812@AEXPAX@Z@fund@@@fund@@
.?AV?$Thread@U?$BindMember0@VTransportMgr@Report@@P812@AEXPAX@Z@fund@@@fund@@
.?AV?$EnableIntrusive@VCReportResponseHandler@Report@@@@
.?AV?$EnableIntrusive@VCReportResponseHandler@Report@@@@
.?AVCReportResponseHandler@Report@@
.?AVCReportResponseHandler@Report@@
.?AVCReportNetComm@Report@@
.?AVCReportNetComm@Report@@
7 7}7L7z7
7 7}7L7z7
4O4j6
4O4j6
3 424=4\4
3 424=4\4
0q0
0q0
2o:t:
2o:t:
02D2
02D2
5 5$5(5,5054585
5 5$5(5,5054585
4>
4>
8 8$8(8,8
8 8$8(8,8
"0'0.040
"0'0.040
4 4$4(4%9
4 4$4(4%9
0$131
0$131
'0.070>0
'0.070>0
1 1$1(1,10141
1 1$1(1,10141
2 2$2(2,2024282
2 2$2(2,2024282
5 5$5(5,50545
5 5$5(5,50545
? ?@?`?
? ?@?`?
Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
%sAccount\%I64u\
%sAccount\%I64u\
%sAccount\Default\
%sAccount\Default\
Utils.dll
Utils.dll
hXXp://
hXXp://
hXXps://
hXXps://
89F3CC4B-0091-49B0-81A6-188CFF582735
89F3CC4B-0091-49B0-81A6-188CFF582735
login
login
webkit-404
webkit-404
url-safe
url-safe
res://LocalPages.dll/
res://LocalPages.dll/
://login/
://login/
://webkit-404/
://webkit-404/
4%d.dat
4%d.dat
Global\{EB19B4E1-D804-4FF6-B8B2-61530127D102}
Global\{EB19B4E1-D804-4FF6-B8B2-61530127D102}
edu.cn
edu.cn
gov.cn
gov.cn
org.cn
org.cn
net.cn
net.cn
com.cn
com.cn
.travel
.travel
.name
.name
.museum
.museum
.mobi
.mobi
.jobs
.jobs
.info
.info
.coop
.coop
.asia
.asia
.arpa
.arpa
.aero
.aero
Msgrs:
Msgrs:
webcal://
webcal://
sPTF://
sPTF://
ssh://
ssh://
keyparc://
keyparc://
chrome://
chrome://
https:\\
https:\\
http:\\
http:\\
/%ProgramFiles%\Internet Explorer\IExplore.exe
/%ProgramFiles%\Internet Explorer\IExplore.exe
01234567890
01234567890
0123456789
0123456789
wVVV.
wVVV.
URL Protocol
URL Protocol
https:
https:
http:
http:
---COMPOUDDOC---pStream->SetSize error %x
---COMPOUDDOC---pStream->SetSize error %x
---COMPOUDDOC---pStream->Write error %x
---COMPOUDDOC---pStream->Write error %x
---COMPOUDDOC---pStream->Stat error %x
---COMPOUDDOC---pStream->Stat error %x
.site
.site
app-error.html
app-error.html
restore-page.html
restore-page.html
ssl-error.html
ssl-error.html
crash.html
crash.html
webkit-404.html
webkit-404.html
404.html
404.html
connection-error.html
connection-error.html
connection-fail.html
connection-fail.html
login.html
login.html
aladdin.html
aladdin.html
index.html
index.html
bookmarks.html
bookmarks.html
history.html
history.html
settings.html
settings.html
40.0.0.1
40.0.0.1
0.0.0.0
0.0.0.0
0123456789:
0123456789:
.blank
.blank
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
mscoree.dll
mscoree.dll
KERNEL32.DLL
KERNEL32.DLL
WUSER32.DLL
WUSER32.DLL
HKEY_LOCAL_MACHINE\Software
HKEY_LOCAL_MACHINE\Software
HKEY_CURRENT_USER\Software\Classes\CLSID
HKEY_CURRENT_USER\Software\Classes\CLSID
HKEY_CURRENT_USER\Software\Classes\DirectShow
HKEY_CURRENT_USER\Software\Classes\DirectShow
HKEY_CURRENT_USER\Software\Classes\Interface
HKEY_CURRENT_USER\Software\Classes\Interface
HKEY_CURRENT_USER\Software\Classes\Media Type
HKEY_CURRENT_USER\Software\Classes\Media Type
HKEY_CURRENT_USER\Software\Classes\MediaFoundation
HKEY_CURRENT_USER\Software\Classes\MediaFoundation
HKEY_CLASSES_ROOT\CLSID
HKEY_CLASSES_ROOT\CLSID
HKEY_CLASSES_ROOT\DirectShow
HKEY_CLASSES_ROOT\DirectShow
HKEY_CLASSES_ROOT\Interface
HKEY_CLASSES_ROOT\Interface
HKEY_CLASSES_ROOT\Media Type
HKEY_CLASSES_ROOT\Media Type
HKEY_CLASSES_ROOT\MediaFoundation
HKEY_CLASSES_ROOT\MediaFoundation
HKEY_LOCAL_MACHINE\Software\Wow6432Node
HKEY_LOCAL_MACHINE\Software\Wow6432Node
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\CLSID
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\CLSID
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\DirectShow
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\DirectShow
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Interface
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Interface
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Media Type
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Media Type
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\MediaFoundation
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\MediaFoundation
HKEY_CLASSES_ROOT\Wow6432Node\CLSID
HKEY_CLASSES_ROOT\Wow6432Node\CLSID
HKEY_CLASSES_ROOT\Wow6432Node\DirectShow
HKEY_CLASSES_ROOT\Wow6432Node\DirectShow
HKEY_CLASSES_ROOT\Wow6432Node\Interface
HKEY_CLASSES_ROOT\Wow6432Node\Interface
HKEY_CLASSES_ROOT\Wow6432Node\Media Type
HKEY_CLASSES_ROOT\Wow6432Node\Media Type
HKEY_CLASSES_ROOT\Wow6432Node\MediaFoundation
HKEY_CLASSES_ROOT\Wow6432Node\MediaFoundation
.[Zebra::CPathCloudControl::Init] InitProductParam(ver:%s, supplyid:%d)
.[Zebra::CPathCloudControl::Init] InitProductParam(ver:%s, supplyid:%d)
HB_CMD_ZEBRA_CONFIG Version String = %d
HB_CMD_ZEBRA_CONFIG Version String = %d
HB_CMD_ZEBRA_CONFIG Version 0
HB_CMD_ZEBRA_CONFIG Version 0
[Zebra::CRepairCloudData::StartRequest] req.IsNotInitialized
[Zebra::CRepairCloudData::StartRequest] req.IsNotInitialized
[Zebra::CRepairCloudData::HandleResponse] errcode=%d
[Zebra::CRepairCloudData::HandleResponse] errcode=%d
Zebra::Start Request because request failed, time interval = %d
Zebra::Start Request because request failed, time interval = %d
[Zebra::CRepairCloudData::OnResponse] cc_resp.result() != ERROR_SUCCESS
[Zebra::CRepairCloudData::OnResponse] cc_resp.result() != ERROR_SUCCESS
[Zebra::CRepairCloudData::OnResponse] cc_resp.action_map_size() == 0
[Zebra::CRepairCloudData::OnResponse] cc_resp.action_map_size() == 0
[Zebra::CRepairCloudData::OnResponse] oActionMap.actions_size()
[Zebra::CRepairCloudData::OnResponse] oActionMap.actions_size()
[Zebra::CRepairCloudData::ParseAction] oAction.kv_configs_size()
[Zebra::CRepairCloudData::ParseAction] oAction.kv_configs_size()
[Zebra::CRepairCloudData::ParseAction] oAction.kv_configs_size() = %d
[Zebra::CRepairCloudData::ParseAction] oAction.kv_configs_size() = %d
[Zebra::CRepairCloudData::ParseAction] oKVConfig.configs_size()
[Zebra::CRepairCloudData::ParseAction] oKVConfig.configs_size()
sZebra::Repair cloud data RepairTimes =%d
sZebra::Repair cloud data RepairTimes =%d
Zebra::Repair cloud data repairInterval =%d
Zebra::Repair cloud data repairInterval =%d
Zebra::Repair cloud data repairForce =%d
Zebra::Repair cloud data repairForce =%d
Zebra::Update cloud version ver=%d
Zebra::Update cloud version ver=%d
.Zebra::CBrpReport***ReportNoRepair Start
.Zebra::CBrpReport***ReportNoRepair Start
Zebra::CBrpReport***ReportRepairFailed Start
Zebra::CBrpReport***ReportRepairFailed Start
dZebra::CBrpReport***ReportRepairSuccess Start
dZebra::CBrpReport***ReportRepairSuccess Start
Zebra::CBrpReport***ReportNoPullUpCloudData Start
Zebra::CBrpReport***ReportNoPullUpCloudData Start
Zebra::CBrpReport***ReportPullUpCloudDataFailed Start
Zebra::CBrpReport***ReportPullUpCloudDataFailed Start
Zebra::CBrpReport***ReportPullUpCloudDataSuccess Start
Zebra::CBrpReport***ReportPullUpCloudDataSuccess Start
Zebra::Launch=%d
Zebra::Launch=%d
Baidu.exe
Baidu.exe
Zebra::DoWork Get Repair Info repairTime=%d, intervaly=%d, forceRepair=%d
Zebra::DoWork Get Repair Info repairTime=%d, intervaly=%d, forceRepair=%d
Zebra::DoWork Check exe No Repair
Zebra::DoWork Check exe No Repair
Zebra::DoWork Start repair zebraPath=%s
Zebra::DoWork Start repair zebraPath=%s
Zebra::DoWork no get cloud data, start baidu exe
Zebra::DoWork no get cloud data, start baidu exe
Zebra::DoWork Start baidu's exe
Zebra::DoWork Start baidu's exe
Zebra::RepairTool No repair dataReport, reason=%d
Zebra::RepairTool No repair dataReport, reason=%d
Zebra::RepairTool repair failed dataReport, reason=%d
Zebra::RepairTool repair failed dataReport, reason=%d
Zebra::RepairTool repair success dataReport
Zebra::RepairTool repair success dataReport
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\Run
Zebra::CPbFileUtils::SetPbFileContent repair time=%d
Zebra::CPbFileUtils::SetPbFileContent repair time=%d
Zebra::CPbFileUtils::SetPbFileContent get file failed error=%d
Zebra::CPbFileUtils::SetPbFileContent get file failed error=%d
common\ZerbaReport.pb
common\ZerbaReport.pb
\BDZebraSDK.dll
\BDZebraSDK.dll
\Baidu.exe
\Baidu.exe
shlwapi.dll
shlwapi.dll
.ntdll.dll
.ntdll.dll
\StringFileInfo\xx\FileVersion
\StringFileInfo\xx\FileVersion
%u.%u.%u.%u
%u.%u.%u.%u
bdlog.dll
bdlog.dll
pipe
pipe
GID_REPORT
GID_REPORT
GID_BAIDU_MSGPUSH
GID_BAIDU_MSGPUSH
~RpcClient request_times=%d timeout_times=%d internal_req_times=%d
~RpcClient request_times=%d timeout_times=%d internal_req_times=%d
tRpcClient request_times=%d
tRpcClient request_times=%d
AsyncRpcRequest serviceID=%d msgType=%d seq=%d
AsyncRpcRequest serviceID=%d msgType=%d seq=%d
HandleRecv UnpackOK !! serviceID=%d msgType=%d seq=%d error=%d transfer_costtime=%d
HandleRecv UnpackOK !! serviceID=%d msgType=%d seq=%d error=%d transfer_costtime=%d
HandleRecv Unpack Error !! serviceID=%d error=%d
HandleRecv Unpack Error !! serviceID=%d error=%d
HandleRecv CallBack !! serviceID=%d msgType=%d seq=%d error=%d callback_costtime=%d
HandleRecv CallBack !! serviceID=%d msgType=%d seq=%d error=%d callback_costtime=%d
SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}
SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}
\\.\Scsi%d:
\\.\Scsi%d:
\verify.db
\verify.db
Pack addr=%p split_value=%d uid=%I64u
Pack addr=%p split_value=%d uid=%I64u
Init SoftParam local_ver=%d g_ver=%d
Init SoftParam local_ver=%d g_ver=%d
Init AccountParam local_ver=%d g_ver=%d
Init AccountParam local_ver=%d g_ver=%d
InitRequestPortoHeader sig_len=%d split_value=%d uid=%I64u
InitRequestPortoHeader sig_len=%d split_value=%d uid=%I64u
InitRequestPortoHeader Clear AccountParam
InitRequestPortoHeader Clear AccountParam
Update AccountParam local_ver=%d g_ver=%d
Update AccountParam local_ver=%d g_ver=%d
UpdateAccountParam sig_len=%d split_value=%d uid=%I64u
UpdateAccountParam sig_len=%d split_value=%d uid=%I64u
UpdateSoftParam local_ver=%d g_ver=%d
UpdateSoftParam local_ver=%d g_ver=%d
client internal_req_times=%d
client internal_req_times=%d
pclose_for_destruct session=%d
pclose_for_destruct session=%d
close session=%d
close session=%d
async_request_coro send request !! seqno=%d
async_request_coro send request !! seqno=%d
psubkey(%d):
psubkey(%d):
key(%d):
key(%d):
val(%d):
val(%d):
a
a
2CanReport
2CanReport
BanReportID
BanReportID
2TransportMgr create
2TransportMgr create
rpt.dat
rpt.dat
TransportMgr CacheFileName=%s
TransportMgr CacheFileName=%s
DataReport::LoadPacketData Read %s failed, error=%u!
DataReport::LoadPacketData Read %s failed, error=%u!
DataReport::LoadPacketData Read %s success, but the file is empty!
DataReport::LoadPacketData Read %s success, but the file is empty!
DataReport::LoadPacketData Read %s success, filesize = %u
DataReport::LoadPacketData Read %s success, filesize = %u
DataReport::LoadPacketData Read %s success, get %d records!
DataReport::LoadPacketData Read %s success, get %d records!
pCReportNetComm create
pCReportNetComm create
kernel32.dll
kernel32.dll
.html
.html
ddddddd
ddddddd
19000000000000000
19000000000000000
Software\Microsoft\Windows NT\CurrentVersion\Time Zones\
Software\Microsoft\Windows NT\CurrentVersion\Time Zones\
Software\Microsoft\Windows NT\CurrentVersion\ProfileList\
Software\Microsoft\Windows NT\CurrentVersion\ProfileList\
Software\Microsoft\Windows NT\CurrentVersion\Print\
Software\Microsoft\Windows NT\CurrentVersion\Print\
Software\Microsoft\Windows NT\CurrentVersion\Ports\
Software\Microsoft\Windows NT\CurrentVersion\Ports\
Software\Microsoft\Windows NT\CurrentVersion\Perflib\
Software\Microsoft\Windows NT\CurrentVersion\Perflib\
Software\Microsoft\Windows NT\CurrentVersion\NetworkCards\
Software\Microsoft\Windows NT\CurrentVersion\NetworkCards\
Software\Microsoft\Windows NT\CurrentVersion\Language Pack\
Software\Microsoft\Windows NT\CurrentVersion\Language Pack\
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Software\Microsoft\Windows NT\CurrentVersion\Gre_Initialize\
Software\Microsoft\Windows NT\CurrentVersion\Gre_Initialize\
Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\
Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\
Software\Microsoft\Windows NT\CurrentVersion\Fonts\
Software\Microsoft\Windows NT\CurrentVersion\Fonts\
Software\Microsoft\Windows NT\CurrentVersion\FontMapper\
Software\Microsoft\Windows NT\CurrentVersion\FontMapper\
Software\Microsoft\Windows NT\CurrentVersion\FontLink\
Software\Microsoft\Windows NT\CurrentVersion\FontLink\
Software\Microsoft\Windows NT\CurrentVersion\FontDpi\
Software\Microsoft\Windows NT\CurrentVersion\FontDpi\
Software\Microsoft\Windows NT\CurrentVersion\Console\
Software\Microsoft\Windows NT\CurrentVersion\Console\
Software\Microsoft\Windows\CurrentVersion\Telephony\Locations\
Software\Microsoft\Windows\CurrentVersion\Telephony\Locations\
Software\Microsoft\Windows\CurrentVersion\Setup\
Software\Microsoft\Windows\CurrentVersion\Setup\
Software\Microsoft\Windows\CurrentVersion\PreviewHandlers\
Software\Microsoft\Windows\CurrentVersion\PreviewHandlers\
Software\Microsoft\Windows\CurrentVersion\Policies\
Software\Microsoft\Windows\CurrentVersion\Policies\
Software\Microsoft\Windows\CurrentVersion\Group Policy\
Software\Microsoft\Windows\CurrentVersion\Group Policy\
Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap\
Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap\
Software\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\
Software\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\
Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\
Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\
Software\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes\
Software\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes\
Software\Microsoft\Windows\CurrentVersion\App Paths\
Software\Microsoft\Windows\CurrentVersion\App Paths\
Software\Microsoft\SystemCertificates\
Software\Microsoft\SystemCertificates\
Software\Microsoft\EnterpriseCertificates\
Software\Microsoft\EnterpriseCertificates\
system32\winlogon.exe
system32\winlogon.exe
\Global.db
\Global.db
3HKEY_LOCAL_MACHINE
3HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
iphlpapi.dll
iphlpapi.dll
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\config\
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\config\
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\bp\brp.exe
C:\Users\"%CurrentUserName%"\AppData\Roaming\Baidu\Baidu\bp\brp.exe
1.0.0.1
1.0.0.1
BaiduRepair.exe
BaiduRepair.exe
SearchFilterHost.exe_2228:
.text
.text
`.data
`.data
.rsrc
.rsrc
@.reloc
@.reloc
ADVAPI32.dll
ADVAPI32.dll
ntdll.DLL
ntdll.DLL
KERNEL32.dll
KERNEL32.dll
msvcrt.dll
msvcrt.dll
USER32.dll
USER32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
TQUERY.DLL
TQUERY.DLL
IMM32.dll
IMM32.dll
MSSHooks.dll
MSSHooks.dll
mscoree.dll
mscoree.dll
SHLWAPI.dll
SHLWAPI.dll
d:\win7sp1_gdr\enduser\mssearch2\search\search\gather\fltrhost\bufstm.cxx
d:\win7sp1_gdr\enduser\mssearch2\search\search\gather\fltrhost\bufstm.cxx
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\mutex.cpp
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\mutex.cpp
RegDeleteKeyW
RegDeleteKeyW
RegDeleteKeyExW
RegDeleteKeyExW
8%uiP
8%uiP
d:\win7sp1_gdr\enduser\mssearch2\common\include\srchxcpt.hxx
d:\win7sp1_gdr\enduser\mssearch2\common\include\srchxcpt.hxx
Invalid parameter passed to C runtime function.
Invalid parameter passed to C runtime function.
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracersecutil.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracersecutil.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.cpp
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.cpp
-d-d-d-d-d-d-d-%d
-d-d-d-d-d-d-d-%d
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\sysimprs.cxx
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\sysimprs.cxx
RegCloseKey
RegCloseKey
RegCreateKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumKeyExW
ReportEventW
ReportEventW
_amsg_exit
_amsg_exit
SearchFilterHost.pdb
SearchFilterHost.pdb
version="5.1.0.0"
version="5.1.0.0"
name="Microsoft.Windows.Search.MSSFH"
name="Microsoft.Windows.Search.MSSFH"
3 3(30383|3
3 3(30383|3
kernel32.dll
kernel32.dll
Software\Microsoft\Windows Search
Software\Microsoft\Windows Search
SOFTWARE\Microsoft\Windows Search
SOFTWARE\Microsoft\Windows Search
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
Windows Search Service
Windows Search Service
tquery.dll
tquery.dll
advapi32.dll
advapi32.dll
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
0xx%p%S%d
0xx%p%S%d
Software\Microsoft\Windows Search\Tracing
Software\Microsoft\Windows Search\Tracing
Software\Microsoft\Windows Search\Tracing\EventThrottleLastReported
Software\Microsoft\Windows Search\Tracing\EventThrottleLastReported
Software\Microsoft\Windows Search\Tracing\EventThrottleState
Software\Microsoft\Windows Search\Tracing\EventThrottleState
0xx=
0xx=
%S(%d)
%S(%d)
tid="0x%x"
tid="0x%x"
pid="0x%x"
pid="0x%x"
tagname="%S"
tagname="%S"
tagid="0x%x"
tagid="0x%x"
el="0x%x"
el="0x%x"
time="d/d/d d:d:d.d"
time="d/d/d d:d:d.d"
logname="%S"
logname="%S"
Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}
Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}
.\%s.mui
.\%s.mui
.\%s\%s.mui
.\%s\%s.mui
%s\%s.mui
%s\%s.mui
%s\%s\%s.mui
%s\%s\%s.mui
%s\%s
%s\%s
winhttp.dll
winhttp.dll
Microsoft Windows Search Filter Host
Microsoft Windows Search Filter Host
7.00.7601.17610 (win7sp1_gdr.110503-1502)
7.00.7601.17610 (win7sp1_gdr.110503-1502)
SearchFilterHost.exe
SearchFilterHost.exe
Windows
Windows
7.00.7601.17610
7.00.7601.17610
BaiduRenderClient.exe_3112:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
CreateWebRender
CreateWebRender
RegOpenKeyTransactedW
RegOpenKeyTransactedW
RegCreateKeyTransactedW
RegCreateKeyTransactedW
RegDeleteKeyTransactedW
RegDeleteKeyTransactedW
RegDeleteKeyExW
RegDeleteKeyExW
N:\web_render_sdk\out\release\web_render_service.exe.pdb
N:\web_render_sdk\out\release\web_render_service.exe.pdb
web_base.dll
web_base.dll
GetProcessHeap
GetProcessHeap
SetNamedPipeHandleState
SetNamedPipeHandleState
TransactNamedPipe
TransactNamedPipe
WaitNamedPipeW
WaitNamedPipeW
KERNEL32.dll
KERNEL32.dll
RegCloseKey
RegCloseKey
RegCreateKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteKeyW
RegEnumKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
ADVAPI32.dll
ADVAPI32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
USER32.dll
USER32.dll
MSVCP120.dll
MSVCP120.dll
MSVCR120.dll
MSVCR120.dll
_calloc_crt
_calloc_crt
_crt_debugger_hook
_crt_debugger_hook
__crtUnhandledException
__crtUnhandledException
__crtTerminateProcess
__crtTerminateProcess
__crtGetShowWindowMode
__crtGetShowWindowMode
_amsg_exit
_amsg_exit
_wcmdln
_wcmdln
__crtSetUnhandledExceptionFilter
__crtSetUnhandledExceptionFilter
PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD
PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD
3"3)343\3|3
3"3)343\3|3
7 7(7,74787
7 7(7,74787
Advapi32.dll
Advapi32.dll
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
bdlog.dll
bdlog.dll
%d Instances,%s
%d Instances,%s
pipe
pipe
web_render_service.exe
web_render_service.exe
service-exe
service-exe
chrome
chrome
chromecore-dir
chromecore-dir
Web Render Service
Web Render Service
%s [%s] {
%s [%s] {
} %s [%s] [%d ms]
} %s [%s] [%d ms]
} %s [%d ms]
} %s [%d ms]
web_render_stub.dll
web_render_stub.dll
web_render_stub_child.dll
web_render_stub_child.dll
web_render::WebRenderFactory::CreateWebRender
web_render::WebRenderFactory::CreateWebRender
Framework.Stub;
Framework.Stub;
LoadLibrary,Last Error %d,%s
LoadLibrary,Last Error %d,%s
;HTTP\Engine.dll
;HTTP\Engine.dll
8.5.10241.224\TSWebMon.dat
8.5.10241.224\TSWebMon.dat
\atiu9pag.dll
\atiu9pag.dll
\WebPlugin\IscNsp.dll
\WebPlugin\IscNsp.dll
kswebshield.dll
kswebshield.dll
kspcore.dll
kspcore.dll
kswbc.dll
kswbc.dll
kwsui.dll
kwsui.dll
WebMon.dll
WebMon.dll
BDWebGuard.dll
BDWebGuard.dll
WebMonHook.dll
WebMonHook.dll
QvodWebBase.dll
QvodWebBase.dll
XIAOCHENPY.IME
XIAOCHENPY.IME
adsNet32.dll
adsNet32.dll
adsPop32.dll
adsPop32.dll
EDPWinsockSpi.dll
EDPWinsockSpi.dll
TortoiseSVN32.dll
TortoiseSVN32.dll
TortoiseStub32.dll
TortoiseStub32.dll
libsvn_tsvn32.dll
libsvn_tsvn32.dll
libsasl32.dll
libsasl32.dll
libaprutil_tsvn32.dll
libaprutil_tsvn32.dll
libapr_tsvn32.dll
libapr_tsvn32.dll
intl3_tsvn32.dll
intl3_tsvn32.dll
TortoiseOverlays.dll
TortoiseOverlays.dll
ntdll.dll
ntdll.dll
AcGenral.dll
AcGenral.dll
nvd3d9wrap.dll
nvd3d9wrap.dll
%s\..\web_browser_trident_plugin.dll
%s\..\web_browser_trident_plugin.dll
web_browser_trident_plugin.dll
web_browser_trident_plugin.dll
ekernel32.dll
ekernel32.dll
\\.\pipe\crashservice.%d.%d.%d
\\.\pipe\crashservice.%d.%d.%d
AddVectoredExceptionHandler %x
AddVectoredExceptionHandler %x
SetUnhandledExceptionFilter %x
SetUnhandledExceptionFilter %x
kernelbase.dll
kernelbase.dll
start breakpad client %s
start breakpad client %s
dbghelp.dll
dbghelp.dll
rpcrt4.dll
rpcrt4.dll
%s\%s.dmp
%s\%s.dmp
x-x-x-xx-xxxxxx
x-x-x-xx-xxxxxx
1.2.201.132
1.2.201.132
BaiduRenderClient.exe_3112_rwx_00060000_00001000:
C:\Windows\system32\bbnethlp.dll
C:\Windows\system32\bbnethlp.dll
BaiduRenderClient.exe_3112_rwx_00090000_00001000:
ntdll_ZwOpenKeyEx
ntdll_ZwOpenKeyEx
;.WSH;.MSC
;.WSH;.MSC
BaiduRenderClient.exe_3112_rwx_00092000_00001000:
PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
SystemRoot=C:\Windows
SystemRoot=C:\Windows
windir=C:\Windows
windir=C:\Windows
windows_tracing_flags=3
windows_tracing_flags=3
windows_tracing_logfile=C:\BVTBin\Tests\installpackage\csilogfile.log
windows_tracing_logfile=C:\BVTBin\Tests\installpackage\csilogfile.log
OCIATIONS\HTTP\USERCHOICE
OCIATIONS\HTTP\USERCHOICE
WARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTPS\USERCHOICE
WARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTPS\USERCHOICE
ware\microsoft\windows\shell\associations\urlassociations\https\userchoice
ware\microsoft\windows\shell\associations\urlassociations\https\userchoice
BaiduRenderClient.exe_3112_rwx_17A0A000_000F5000:
Ph%2u
Ph%2u